Monday, October 27, 2008
So, here we are again with another case
in the series of data handling blunders. The recent careless use of
personal data of the Luxembourg branch of Kaupthing bank confirms that
proper data handling procedures are crucial. Email addresses of
customers were leaked due to the misuse of email.
Inadequately
defined procedures for data handling can, and will lead to improper and
careless handling of personal data. We've seen this occur countless of
times. For example, not too long ago, 25 million records were lost by
the HM Revenue and Customs and according to the investigation, the
problem was not with individual workers, but due to the lack of
processes for data handling.
All organisations should have
reasonable security measures to protect personal data from misuse,
loss, unauthorised access, and abuse. These measures can be stated in a
Data Handling Manual, and must be implemented in a way where all
concerned parties are well informed of the handling procedures. It is
simply a guideline for handling personal data that should and must be
adhered to by all in an organisation.
Unfortunately, in most
companies, not only are such manuals non-existent, but where there is
such a manual, it is usually collecting dust in some shelf and most
employees and contractors are not even aware of or do not adhere to the
manual. The other problem is the fact that lack of adherence is usually
not noted or if it is, it is not reprimanded regularly - well, at least
until a big foul-up happens and becomes the headlines of major
newspapers.
It is perhaps more than timely for organisations to
draw up these guidelines and train their personnel, ensuring regular
audits to maintain adherence - in addition to appointing data
protection officers and registering processes of personal data.
If you would like some help in customising a data handling manual, please review our
privacy policy and then contact Lee & White.
Category: