Last updated: 29.06.17

Data protection at work: Everything you need to know

The internet and technology mean that new data is being created at a speed we have never seen before. This makes it all the more important for information to be protected.

In today’s world, every business uses and needs technology and the internet. If we don’t utilise these tools, we will fall behind. It’s as simple as that. And there’s no denying that they are crucial to businesses and the economy in general.

However, the rapid pace at which technology is advancing means that every single minute, huge amounts of data are being created. While some of this information holds no value and is disposable, a huge chunk of it comes from organisations, businesses and governments and is highly sensitive or private. Should this information get into the wrong hands, or should systems fail and data become inaccessible, huge problems will arise that leave whole businesses and organisations at a standstill.

Earlier this year, the NHS fell victim to a vicious security breach, where the medical records of 26 million patients were at risk. This came amid warnings that the IT system used by thousands of GPs was not secure; the attack caused problems in more than 150 countries. The culprit, WannaCry, also targeted huge organisations including Telefónica, Deutsche Bahn and FedEx. So how can we protect our businesses against data breaches?

What is the Data Protection Act?

The Data Protection Act governs how your personal information is used by organisations, businesses or the government. Every person that is responsible for using data must follow strict rules called the ‘data protection principles’.

Under these rules, information must be:

  • used fairly and lawfully
  • used for limited and specifically stated purposes
  • used in a way that is adequate, relevant and not excessive
  • accurate
  • kept for no longer than is absolutely necessary
  • handled according to people’s data protection rights
  • kept safe and secure
  • not transferred outside the European Economic Area without adequate protection

Sensitive information (criminal records, ethnic backgrounds, political opinions etc.) is under stronger legal protection. Under this act, you have the right to find out what information the government and other organisations store about you, and they are legally required to provide you with this information. The only instances in which information can be withheld are:

  • In the prevention, detection or investigation of a crime
  • In the name of national security or the armed forces
  • For the assessment or collection of tax
  • For judicial or ministerial appointments

What is ransomware and how can we prevent it?

Ransomware is a type of malicious software that is designed to block access to a computer system until a sum of money is paid. This was the case in the NHS cyber security attack. Across the globe, this is a growing threat as cyber attackers become more advanced in targeting corporate networks.

Nevertheless, there are a number of steps (covering many aspects of IT operations and security) that any business can take to prevent these types of incidents from occurring. According to PricewaterhouseCoopers (PwC), businesses must continuously plan, exercise and have the ability to restore systems rapidly from backups. They must also have crisis and incident response planning to ensure incidents are managed and resolved swiftly.

PwC also believes that businesses should have strong security hygiene policies and user awareness to prevent ransomware entering their IT environment through both technical controls and vigilant employees. To make effective use of work already done to prevent these attacks, PwC also recommends rigorous patch and vulnerability management.
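The advice to "exercise" backups means more than having a copy somewhere: a restore has to be tested, and the restored data checked against a record taken before the incident, because a ransomware outbreak that reached the backup share would have overwritten files there too. The following is an added example, not code from the article or from PwC, showing the simplest form of that check: a SHA-256 manifest of a known-good data set, and a comparison of a restored tree against it that reports files that are missing, modified (as encryption would leave them) or unexpected (such as a dropped ransom note). All file names and contents are constructed for the demonstration.

```python
"""Backup manifest and restore verification (added example, constructed data).

The manifest would be written at backup time and stored somewhere the
production systems cannot alter (offline or write-once media); at restore
time the recovered tree is compared against it.
"""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_restore(restored_root, manifest):
    """Compare a restored tree with the manifest taken from the clean data.

    Returns a dict of sorted lists: files absent from the restore, files whose
    content no longer matches, and files present that were never backed up.
    """
    current = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in current)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    unexpected = sorted(p for p in current if p not in manifest)
    return {"missing": missing, "modified": modified, "unexpected": unexpected}


def demo():
    """Constructed scenario: manifest a clean data set, then 'restore' a copy in
    which one file was overwritten, one deleted and one extra file dropped."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "data")
        os.makedirs(os.path.join(src, "records"))
        with open(os.path.join(src, "records", "patient_001.txt"), "w") as f:
            f.write("constructed sample record\n")
        with open(os.path.join(src, "readme.txt"), "w") as f:
            f.write("constructed readme\n")
        manifest = build_manifest(src)

        # Simulated restore from a backup copy that ransomware had already reached.
        restored = os.path.join(tmp, "restored")
        shutil.copytree(src, restored)
        with open(os.path.join(restored, "records", "patient_001.txt"), "wb") as f:
            f.write(b"\x00constructed-ciphertext\x00")  # content no longer matches
        os.remove(os.path.join(restored, "readme.txt"))  # file lost
        with open(os.path.join(restored, "HOW_TO_DECRYPT.txt"), "w") as f:
            f.write("constructed placeholder for a dropped note\n")  # not in manifest

        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A restore that reports anything other than three empty lists has not met the "restore rapidly from backups" bar, which is why the comparison belongs in a scheduled restore exercise rather than only in an incident. The manifest itself should be kept where the systems it describes cannot modify it; otherwise an attacker who encrypts the data can simply regenerate it.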
