Cyber Security Survey shows need for vigilant approach to data protection

Published on: 28/04/2017

#Data Protection

The government recently published its 2017 Cyber Security Survey results. Of note:

  • 46% of British businesses discovered at least one cyber security breach or attack in the past year;
  • Common breaches include issues surrounding fraudulent/phishing emails, viruses, spyware and malware; and
  • Only 26% of businesses reported an attack to an external agency.

The findings illustrate the importance of data protection measures. The Data Protection Act 1998 (DPA) imposes certain obligations, including a requirement for organisations controlling personal data to implement “appropriate technical and organisational measures” to protect personal data from unauthorised and unlawful processing. This includes security measures appropriate to the nature of the personal data to be protected, as well as the harm that might result from any unauthorised or accidental loss, damage or destruction of such data.

The ICO (Information Commissioner’s Office) guidance states that to manage a breach of security, organisations should:

  • Adopt a recovery plan;
  • Asses ongoing risks associated with the breach;
  • Consider whether a breach of security should be notified, who should be notified and what information should be given;
  • Evaluate the cause of a breach and the effectiveness of its response to it; and
  • Consider whether to notify individuals affected by a data breach, and of any steps they should take to protect themselves.

Currently, the ICO only expects to be notified where there has been a serious breach. However, this will change in 2018 when the EU’s General Data Protection Regulation (GDPR) takes effect. The GDPR imposes much stricter obligations, including the requirement to notify the ICO of all data breaches without undue delay (and where feasible within 72 hours), unless the data breach is unlikely to result in a risk to individuals.

With the ICO having the power to fine organisations up to £500,000 for failing to comply with the DPA (which will increase to the greater of 2% of annual worldwide turnover or €10 million under the GDPR), data protection is a key issue for businesses and the consequences of non-compliance can be costly.

 

 

Clarkslegal
contact@employmentbuddy.com +44 (0) 118 958 5321

Disclaimer

This information is for guidance purposes only and should not be regarded as a substitute for taking professional and legal advice. Please refer to the full General Notices on our website.

Related HR Articles

26 Oct 20

ICO Updates Right of Access Guidance

Following extensive consultation that began in December 2019, the Information Commissioner’s Office (ICO) has finally published their updated guidance on the Right of Access, namely the ability for an individual to submit a Data Subject Access Request (DSAR) to a processor of their personal data.

13 Jul 18

Facebook to pay for data protection breaches
The ICO has announced that Facebook will be fined the maximum possible amount of £500,000 for its breaches of the Data Protection Act in relation to the Cambridge Analytica scandal, an amount that pales in comparison with the new fines introduced under GDPR. We previously blogged on the scandal here.

20 Jun 22

DSAR: Do I need to provide names if requested?

Under the General Data Protection Regulation (GDPR), in both the EU and UK versions, employees have the right to request access to their personal data from their employer called a Data Subject Access Request (DSAR).   
More HR Articles