The Legal and Practical Reasons to Create a Data Protection Policy

Does your company have a data protection policy? A data protection policy reduces privacy breach risks and ensures that your organisation is securely storing, accessing and distributing the personal data it collects. Here we suggests several reasons why it is good to have an up to date data protection policy.

Your legal responsibility

The Data Protection Act of 1998 provides individuals with the right to know what information is held about them and offers a framework to ensure personal information is handled properly. Under the Act, organisations are required to make sure personal data is:

• held securely
• not kept longer than necessary
• protected from unauthorised use

The Information Commissioner’s Office (ICO) enforces the Data Protection Act. Failure to comply may create criminal liability for your company’s officers.

Protecting customer privacy

A strong data protection policy not only helps ensure your compliance with the Data Protection Act, it also fosters customer loyalty. Many individuals are likely to stop using the services of an organisation that had suffered a privacy breach, in fact almost immediately they think twice about who they trust with their information. To maintain your customer base, it’s crucial to maintain strict control over the ways customer data is retained, distributed, protected and destroyed.

Safeguarding employee records

Under the Data Protection Act, your business is also responsible for protecting the personal information collected from your employees. If an employee feels their information has been mishandled, they may also report your violation to the ICO. To remain compliant, your data protection policy should incorporate measures for safeguarding employee records. Keep personnel files under lock and key at all times and never share or distribute an employee’s information without their consent.

Safeguarding backup media

Backing up your data is a best practice. But the very next step should be protecting your back up media from theft. The portability of data tapes, hard drives and USB flash drives makes them convenient, but it also makes them easy to steal. Consider using adata tape rotation service to securely store your backups offsite in a purpose-built media vault.

Looking after paper records

Your data protection policy should also provide guidelines for keeping your paper files secure. A professional, offsiterecord storage serviceprotects documents from theft, fire and flooding and only provides access to designated personnel in your organisation. When you use an offsite record storage service, your paper records are stored in a record centre equipped with the following features:

• secure loading and unloading areas
• perimeter security
• motion detectors and video surveillance
• fire suppression systems

Barcode technology tracks your document inventory during storage, and an online document request system allows your organisation’s authorised users to request file delivery and pickup.

Destroying confidential waste

Your data protection policy also needs a reliable method for disposing of confidential waste. Sensitive paperwork, redundant IT equipment and unwanted branded material should always be destroyed at the end of its retention lifecycle. Asecure destruction servicehandles the destruction of your confidential business in accordance with the Data Protection Act. You should then receive a destruction confirmation certificate as proof of your organisation’s compliance.

It’s never too late to start a data protection policy for your company.

Yorshred can assist you with any of these needs and are happy to advise your business on best practice for the management of your data.