Teach customers about data breach fines

Ciaran Rafferty says resellers must educate customers to prevent data losses and avoid penalties

Rafferty: Sophos has partnered a law firm to help in the education process

Recent high-profile losses of government data have caused concern among the UK public. There are now several high-profile databases from which information could go missing, such as a national DNA database, which contains the genetic records of more than four million UK citizens.

However, since 6 April the Information Commissioner's Office (ICO) has had the power to fine organisations up to £500,000 if they seriously breach the Data Protection Act.

Action will now be taken if the ICO is convinced a breach was deliberate, if the risk of the breach was known, if those in charge of the information at risk knew a breach might cause substantial damage or distress, and if the controller failed to take action to prevent it.

Data protection must therefore be a priority for any organisation. It is unacceptable to be careless and cavalier with personal information. The ICO hopes the substantial fines will act as a strong deterrent and heighten a sense of responsibility within organisations that harvest and store personal data.

We believe the public should insist that personal data harvesting and storage be controlled by legislation, judicial authorisation and consultation with security experts.

As such, we recently teamed up with a law firm to educate our network of partners and customers about the risks relating to IT security breaches.

Our channel partners are on the front line, trying to keep our customers fully informed on how to stay safe and protect themselves from prosecution in the event of a major data breach.

Resellers must have the knowledge and tools to truly articulate the risk, to impress on their customers the importance of adequate safeguards, and to advise on the best course of action if a breach occurs.

Breakfast briefings, quarterly security forums, and white papers can all help with the education process. Organisations will require guidance on risk mitigation through implementing the right technologies.

Ciaran Rafferty is vice president for UK and Ireland at Sophos