OPINION: The challenge of protecting customer data

Steve Cox from reseller Technology Services Group shares his view
Author:
Publish date:
1-steve-cox-tsg.jpg

When you find a guide to the data protection act that’s 130 pages long, you know that ensuring your business is compliant isn’t going to be straightforward.

The data protection act relates to the personal information we hold on individuals, the way that information is stored, managed, processed and how long it is kept.

However, by applying a few simple but key business principles, it should be possible to address many of the requirements. But I suspect many businesses struggle to keep up, especially when working with legacy systems.

What’s more, it isn’t just customers that they hold information about – it’s also employees. The integration of social media feeds into marketing information blurs the line between what is business and what is personal.

But what happens in the event of a data breach? That’s before we address the vast array of malicious code out to attack us on a daily basis and the illicit efforts to capture personal information.

There are a number of dilemmas to consider: the advent of mobile devices (and sophisticated retail epos systems) should make it far easier to keep information up to date, but the devices themselves pose a significant risk factor. Even the most trustworthy members of society – if we still regard MPs in that way – are capable of leaving a mobile phone in the back of a cab.

In such a situation, passwords are of limited value and only encryption will suffice. Likewise, cloud-based solutions can do away with the need for separate back-ups, yet the weak link once again is the human interface.

Once a firm has worked out how the data protection act impacts their business, the challenge is to understand how their processes and their technology can work together to ensure compliance. As a VAR, our role is to guide them through the myriad of options.

Sadly, there is no simple, single answer to the question: “How do I ensure my business is compliant with the data protection act?”

In the absence of a specific definition within the act as to what constitutes ‘appropriate’ security measures, I’d strongly recommend consulting a trusted advisor.

And as with all things IT security related, it’s well worth applying some common sense.

About the author

Steve Cox is COO of value-added-reseller Technology Services Group

Related