RSS

Personal data protection

Dec 09 2008

Personal data protection Personal data protection

Widely reported government data breaches have brought the issue of information security to the fore, but that doesn’t mean companies have nothing to worry about.

‘While the government is being lambasted for quite public and regular breaches, they are certainly not alone,’ says Paula Barrett, head of the data protection group at law firm Eversheds. She adds that cases such as the theft of an unencrypted laptop from Marks & Spencer, which held the personal information of 26,000 employees, have shown that corporate Britain is also vulnerable to the problem of accidental leakage of sensitive data and the bad publicity that inevitably follows.

Of course, if you don’t store data in the first place, you can’t lose it. Martin Bysh, MD of dating website operator Makefriendsonline, says all payments to his company are handled by processor Paypoint.net, while the only data stored by Makefriendsonline is the user’s nickname and personal details (such as height, religion and skin colour) which do not identify the individual.
 
‘There’s a very clear split between recognisable personal data and the rest,’ says Bysh. ‘If we see that people have used their real name as a nickname, we often shut down the account and write to them, suggesting they choose another one.’

As a result, Makefriendsonline doesn’t need the complex IT infrastructure and security tools that it would require to safeguard credit card details, Bysh states.
 
‘The key thing is to recognise that [data protection] is your responsibility. It’s not just a moral obligation [of the business] but a legal requirement,’ he says.

Not my problem

Such an attitude is rare, according to a Paypoint.net survey. Some 99 per cent of respondents from 350 UK-based online businesses do not believe fraud resulting from data breaches is their responsibility, pointing the finger at banks, credit card issuers or payment service providers.

Barrett feels that companies are still ‘struggling’ to get to grips with the Data Protection Act 1998, despite the fact it’s been around for ten years.

‘We will see further regulation: technology has moved on apace and in particular the use of the internet,’ she argues. ‘There is information gathering going on now that was never imagined ten years ago.’

Richard Webster is marketing director at DLG, a company that collects personal information from consumers through telephone conversations, printed questionnaires or online competitions, then sells that data on to third parties. Legally, the business depends on the fact that people volunteering their information agree for it to be used in that way.

‘It’s not in our interests to try and dupe people into entering their details under false pretences – quite apart from the fact it’s against the law,’ says Webster. ‘Our intention is to maintain an ongoing communication so we can maximise our revenues from each individual.’

Opting out

As required by legislation, consumers can unsubscribe at any time from all communication from DLG or its clients. As a result, the company strives to ensure that no one receives inappropriate material, claims Webster.

‘All the law boils down to is being open and honest with people,’ he adds.

Like Bysh and Webster, Barrett feels
that data protection legislation does not place an undue burden of responsibility on business. Nor has it been very strictly enforced, with many marketing list providers in particular getting away with non-compliance. That may change, she adds, with increasing public awareness of the issue and the relevant regulator, the Information Commissioner’s Office (ICO), set to gain new powers.

The ICO is seeking the power to levy fines of up to ten per cent of turnover for serious and reckless breaches resulting in harm to individuals,’ she says.

Though these cases will be rare, Barrett adds that some non-compliant companies are already feeling the pain in the form of reduced valuations. ‘You may think your customer database is a valuable asset in an M&A discussion, but no acquirer wants the cost of issuing notices and gathering consents,’ she says. ‘There are some real price reductions that result from a lack  of compliance.’
 

 
Comments

There are currently no comments on this article

Business Broadband from £6.97 pm with XLN’s Total Business Offer

Get your line rental, unlimited calls (01, 02, 03) numbers and business broadband with the XLN Total Business package. Keep your existing number and switch to big savings. Call 0800 987 58 08 or click here to find out how much you can save.

Pixmania-Pro

Europe's number one B2B electronics website. We offer a Dropshipping service for digital cameras, TV's, ipods, laptops, games consoles and much more. We stock over 25,000 products and give you the chance to sell our products without having to hold any stock. Click here.

Intuit mConnect: get more customers into your business

Looking for a way to get your customers to come back more often? Intuit mConnect is the tool you need!

Use Intuit mConnect online or on your mobile to send personalised text offers and greetings to your customers. It tracks responses automatically and lets you know what offers work. You'll quickly become mobile marketing savvy! Find out more at intuitmconnect.co.uk

Prize Draw

 

IT Trends for SMEs in 2010

Smallbusiness.co.uk has teamed up with network support company Lifeline IT to ensure your business' IT systems are in the best shape for 2010. Enter our short survey and your company could win two hours of free IT consultancy. To take part click here

Polls

 

Who was most supportive when starting up?







Site map

« Expand to view

Start a business

Small Business Finance

Business Banking

Technology in Business

Franchise Directory

Legal Advice

Office & Homeworking

Sales & Marketing

Employing Staff

Women in Business

About SmallBusiness.co.uk