Media Alert: Data-holding organisations to ensure the privacy and protection of their users

At the end of last week, the BBC reported that from March, all Internet Service Providers (ISPs) will by law have to keep information about every email sent or received in the UK for a year.

Considering the amount of data losses over the past year, it will be vital for the data-holding organisations to ensure the privacy and protection of their users as well as their data-management practices.

“Information protection is the responsibility of every single company and government department,” says Dr. Guy Bunker, Chief Scientist at Symantec. “If the problem is not taken seriously, any data loss incidents can not only create a huge financial burden, but also cost the company’s reputation.”

There are measures that can be taken to reduce the risks of data loss. Symantec’s advice includes:

• Ensure your employees are aware of, and educated in, data loss avoidance processes and procedures.
• Lock down computers, mobile devices and removable media using software and/or physical means; e.g. use a secure password, automatically lock screens when computers are left alone; encrypt the data, use a Kensington Lock.
• Implement network access control or network segmentation to ensure that teams and individuals only have access to relevant systems and information.
• Monitor data within the IT environment to prevent potential leaks or warn the user of sensitive or confidential information.
• Centralise backup at the network level to eliminate the need for local devices.

“By following these measures and implementing a comprehensive Information Protection Policy, businesses could evade damage to their reputation and the financial implications that often follow a data breach,” says Bunker.