All your resources at your fingertips.Learn More
Ben Waterton - Partner, Lockton, https://www.lockton.com/
Data security is usually something associated with information held on a computer file, but you don't have to look far to come across stories of paper files, memory sticks or laptops being lost in public places, left on public transport or stolen from cars. In more sinister cases, such as the well publicised matter affecting T Mobile recently, employees have been caught selling information.
No matter how the data is lost, it creates significant privacy and security issues for the individual concerned and is a growing worry for many in the accountancy profession that hold extensive and often sensitive information about clients.
In the UK and Europe, the European Data Directive covers privacy of information and consumer control over data. Its primary focus is to protect consumers, rather than define types of crime, but as a result of its provisions and a rising number of incidents nationwide, consumers everywhere are becoming more aware of the problems and more keen to enforce their rights. Increasingly, they want the authorities such as the Information Commissioner, or the Financial Services Authority (which regulates banks andfinancial institutions) to have greater powers to investigate and prosecute.
The result is that the UK government, and now the Information Commissioner, are focusing on data privacy like never before, issuing much larger fines and getting much tougher on improvements in security. While the size of imposed fines may focus a company's mind on tightening up procedures, the real incentive for them is to avoid long term damage to their reputation. Evidence shows that after significant data breaches, customers lose trust and take their money and business elsewhere.
The frequency, scale and increasing sophistication of attacks in the banking sector has caused significant financial loss and inconvenience, leading banks to be at the forefront of developing potential solutions. Retailers (most recently TK Max) have also been targeted and are making improvements, but many small to mid-sized businesses lack the resources to protect effectively against data loss.
With so much at stake, a good first step is to look at IT security, since this is the most frequent cause of data breach. In the first instance, for any data security improvement program to succeed, it has to have the 100% support of senior management. IT security is an imperative and key area of investment. If it doesn't start in the boardroom, nothing will happen.
Not only do accountants need to keep a close watch on their UK operations, but also to keep a check on any offshore partners handling their more routine items. Partners need to apply the same procedures and controls to ensure that customers' personal data is protected.
Insurers can provide protection for companies against the cost of defending claims and compensating their consumers for breach of privacy, but they will only do so if those companies can prove that they are doing everything in their power to put customer security at the top of their agenda.
The only book available that deals exclusively with such companies