Does a data processor have to inform the data owner of a security breach?

Although the Data Protection Act places no general legal obligation on data controllers to report breaches of security which result in the loss, release or corruption of personal data, the Information Commissioner expects serious breaches (a term the Act does not define) to be reported.

There should be a written agreement in place between the controller and the processor (a requirement of the Data Protection Act), and ideally it should say what the processor must report, and how quickly. Whatever the contract says, a data controller cannot meet its own obligations if it is not told about the breach, so a processor should inform the controller promptly.

My web designer makes sure that my website complies with the law, don't they?

It’s really important to remember that the responsibility rests with the executives of the business, e.g. the owner, the partners or the directors of a limited company.

If you are investigated by a regulator it really isn’t much of a defence to say “My web designer said it was OK”, as the British Pregnancy Advisory Service found out to its cost.

If other people produce or manage your website the buck ultimately stops with you.

Our Website MOT will disclose compliance vulnerabilities.

Our Data Protection MOT will help strengthen your approach to data management.

Information Commissioner fines Hampshire County Council £100,000

Thank you to Mandy Tourle at Paperwise Solutions for letting us know about this recent fine from the Information Commissioner relating to the sale of an office in Havant.

Essentially, personal data was not disposed of correctly, meaning that people who should never have had access to it did.

It’s a timely reminder that when moving or vacating offices you should make sure that every confidential document is either destroyed or moved with you.

Read the full details of the Monetary Penalty Notice.

If you are concerned about the adequacy of your Data Protection procedures then our Data Protection MOT may be just what you are looking for.

The three top risks to reputation

After receiving a poor performance review, an employee takes to social media and speaks negatively about the organisation and its leaders, creating a dialogue around the organisation’s culture that goes viral…

A cybercriminal exploits a vulnerability in an organisation’s systems, steals the Social Security numbers of millions of its customers, encrypts the data and demands a ransom payment for the decryption key needed to recover it…

A third-party vendor fails to follow regulations when handling client records and inadvertently releases sensitive customer information, resulting in negative media attention and a steep fine for the organisation…

Read more in the source article: Triple threat: How to handle three top risks to reputation | Compliance Week

What does Privacy Shield mean for your private data and the businesses that hold it?

The EU-U.S. Privacy Shield was announced by the European Commission and U.S. Department of Commerce as a replacement for the Safe Harbor Framework.

Businesses using Facebook, Twitter, Google or similar services are likely to have personal data that is stored or processed in the United States, and are therefore affected.

Brexit will affect data sovereignty and privacy, and this should not be ignored.

Getting data governance right now will help. This means not only maintaining data appropriately, but protecting and disposing of it as well.

Read more in this insightful article by Lynn Collier, COO at Hitachi Data Systems UK, on the Computing website.

We can help with our Data Protection MOT.