Half a million reasons to beware!

Today was the day that the ICO got the power to fine companies for data breaches, with the amendments to the Data Protection Act finally coming into force. With the UK somewhat behind some of the EC, this brings us closer in line with the European Commission’s E-privacy directive, which the UK signed up to some years ago to uphold the privacy of individuals and specifically personally identifiable data. A lot has been written about this subject, but what does it mean and how does it affect your business?

If your business stores/holds personally identifiable data about individuals, that data is now governed by the Data Protection Act. If your company has personally identifiable data, it is legally obliged to register itself with the ICO and appoint one or more Data Controllers within your organisation. It is then that person’s responsibility to ensure that all personally identifiable data is stored and distributed in a secure manner. This affects the data stored within the organisation, but the bit we get involved in is the ‘distribution’ of the data to third parties, customers, suppliers, remote offices or remote workers. This data now needs to be moved by secure, managed file transfer so that you have a complete audit trail of who sent what, to whom and when – also providing information on when the information was downloaded and, if possible, where they were when it was downloaded. Simply put, you need to know what’s happening with your data at all times!

Why should I go and implement new systems? Who’s going to know it was me? Well, you could take this approach, and to be fair a lot of companies will lose data and won’t get caught, but would you seriously want to take the risk that the ICO could find out due to your data ending up somewhere it’s not supposed to be? The consequences are up to 10% of turnover (up to a maximum of £500,000) and public humiliation when the ICO provide their statutory reports on which companies have had breaches. Given that the ICO have been a little bit slow in getting to this stage, according to the EC, who threatened to fine the ICO at the end of last year, you can expect that the ICO will want to make a statement to the EC when they get the opportunity. Personally I’d rather it wasn’t my company getting noticed for the wrong reasons – remember TK Maxx?

So what should I do? Well, if you’d like to speak to someone who’s able to provide you with an independent insight into the best way to move your data securely within any given business scenario, then you should give Pro2col a call, as we’d be pleased to help. If you don’t want to do anything, then good luck and keep your fingers crossed, because the ICO are coming!

Healthcare Industry Beware!

Recent reports have highlighted that hospitals and physicians in the US have been given a deadline of 2015 to convert all health records into digital form and then to deploy the accompanying technology to handle these digital assets. Considering only about a quarter of the US population’s health records are digitally stored – this is a bit of a tall order!

Makes you wonder whether, no, let’s rephrase that, WHEN the UK will follow in their footsteps. For those organisations operating in the health sector, it may be wise to start reviewing the security and efficiency of your file transfer systems now, especially when you take into account the increased ICO powers of enforcement due to come into effect on 6th April 2010. If a similar mandate were to come into force in the UK, in order to avoid possible fines of up to £500,000, organisations would need to ensure that sensitive client files were secured when being transported between locations.

If you’re a healthcare organisation and you want to review or evaluate your large file transfer processes, please get in touch with the team at Pro2col on 0333 123 1240. We offer a comprehensive range of secure file transfer solutions and we’re always happy to help.

Email Attachment Management – The Future of Ad Hoc File Transfer

Email is probably the best known and most widely used internet service in the marketplace to date. With an estimated quarter of the world’s population on the internet and a total of 418,029,796 users in Europe (over 50%), figures indicate that 92% of these users either send or read email. As technology progresses and file sizes increase, moving data between geographically isolated locations has become more challenging. Many businesses rely predominantly on email for their daily communications and operations but, unfortunately, it is being used for purposes it was neither designed nor intended to cope with. Using email for ad hoc file transfer can cause huge problems for businesses in terms of cost, efficiency and reliability.

So if we can’t email large attachments, what can we do? Introducing our latest white paper: Email Attachment Management – The Future of Ad Hoc File Transfer, which is available for download now. It addresses the issues surrounding the ad hoc transmission of large files and details how email attachment management solutions enable businesses to email large attachments, minus the problems associated with standard email.

If you would like to discuss any of your file transfer requirements, ad hoc or otherwise, please contact Pro2col on 0333 123 1240. We are always happy to help.

Secure File Transfer Standards – Are you Compliant?

With the sheer abundance of security standards, laws and legislation in our society nowadays, it’s really easy to get overwhelmed. Although they are a necessary measure to safeguard individuals’ confidential information and protect your business against prosecution, it can be difficult to fathom which laws apply to your organisation when it comes to secure file transfer.

To complicate matters further, legislation varies between continents, in the US even between states!!  As a result, we have put together a succinct guide detailing some of the most high-profile legislation governing the US and UK in terms of secure file transfer, including some standards that are recognised internationally.  These include acts such as The Health Insurance Portability Act (HIPAA), Sarbanes Oxley (SOX), Gramm-Leach-Bliley and The Data Protection Act, as well as industry standards like FIPS and ISO 27001.

Unfortunately it doesn’t end there.  Once an organisation has established which legislation applies to their business, they then have to make sure that their systems and procedures are actually compliant!  Thankfully, accompanying the majority of legislation is compliance testing – a sure-fire way to guarantee investment in technology and solutions that meet the secure file transfer requirements stipulated by government.

If you would like to discuss security compliance in terms of secure file transfer solutions, don’t hesitate to get in touch on 0333 1231 240 – we are happy to provide advice and support.

ICO gets new powers to address data protection negligence

Announced earlier this week by the Ministry of Justice, amendments have been made to the Data Protection Act of 1988 that, when passed in April 2010, will allow the ICO to impose fines of up to £500,000 on organisations found to be negligent regarding the privacy of personal data.

Justice Minister, Michael Wills, said: “We want to ensure that the Information Commissioner’s Office has the powers it needs and is able to impose robust penalties on those who commit serious breaches of data protection principles.”

To be subject to the fine, there are certain criteria to be met, but the one that should make existing Data Controllers sit up and take notice is:

If the data controller knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial damage or substantial distress, but failed to take reasonable steps to prevent the contravention.

If you’re a Data Controller responsible for your company’s data security, how does this announcement make you feel? If you’d like a no-obligation discussion regarding your data security and secure file transfer requirements, contact Pro2col today on 0333 123 1240.

UK businesses under increasing pressure to step up data privacy

The European Commission (EC) have publicly stated that the UK Government is not adequately enforcing European data privacy laws and is ready to clamp down on them in 2 months’ time. Reported on the Infosecurity web site and backed up by our recent discussions with the ICO: next year is likely to be the year in which Enterprises feel the full force of European legislation regarding data privacy. Enterprises will be under increasing pressure to ensure that every step is taken to secure data both at rest (internally) and in transit (e.g. securing file transfers).

The powers at the disposal of the ICO are also being addressed with individuals responsible for data security breaches potentially being liable for custodial sentences.

Read more: European Commission warns UK over privacy legislation.