One of the key things any organisation has and needs is information. And a lot of that information will be personal information about its customers/clients, employees, and other people that the organisation deals with. That information is precious, very precious. Which means that information must be taken care of, looked after, protected.
Why? Because that information is a valuable business asset. Because the privacy and trust of those people, (those customers/clients, employees and others) should be respected. Because it’s the law: The Data Protection Act 1998.
When it comes to protecting information many organisations leave it to ‘the IT guys’ and only do what is mandated by legal or regulatory requirements, often taking the least-costly option aimed at ensuring minimal compliance.
But the law requires all organisations that control personal information to have in place appropriate technical and organisational security measures to protect against unauthorised processing, accidental loss, theft, destruction or damage.
These days, all organisations operate in an environment where hacking is always in the news, people are demanding compensation when their personal information is lost or leaked, fines for breaching the law are becoming much more common and the law is about to become much more onerous.
All of which means that information protection is a real and immediate risk that needs to be addressed in a more holistic way than it has been in the past. It’s not something that should be left to ‘the IT guys’; it’s a key issue for any organisation, one that is, (or should be), a topic of conversation for the boardroom.
So, how should your organisation approach this? Sounds like another installment! Watch this space or, if you can’t wait for that:
CALL 07902 305989