The second a business obtains a piece of confidential information is the moment security measures must be put into place to protect the business and the people the information pertains to. A business doesn’t have to be a government contractor to think about ensuring the privacy of documents and personally identifying information.
Ideally, every piece of information about a customer, client, business partner or employee should be kept confidential, but this is not always possible to do. Some examples of information that should be secured are:
- Names
- Telephone numbers
- Email addresses
- Physical addresses
- Blueprints
- Patent designs
- Research
- Financial details
While it is often overlooked in this digital age, physical data needs to be secured too. For instance, if an architecture business is working on a project that the client wants kept under wraps, for whatever reason, and especially in the case of government and military facility plans, the blueprints and design plans should be kept under lock and key with limited access.
The secretary and the cleaning staff shouldn’t need to be privy to the details of where escape routes in the latest military research facility are located. File folders, contact information, billing information and everything else that isn’t public information should be kept in lockable cabinets or rooms.
Though it is harped upon, not everyone practices the safest digital security. Antivirus programs and software firewalls are, of course, helpful. However, they are not the only security points that need to be addressed. For example, a company that researches highly infectious viruses should keep data pertaining to that research on a company intranet with no outside access to the Internet, protecting it from potentially harmful leaks. Furthermore, not everyone needs access to every file and computer network: access should be limited to the people whose job requires it.
Some small businesses may feel that it’s far too much work to be bothered with physically and digitally securing information. They may feel that they’re too small for anyone to notice or bother with. As far as the Information Commissioner’s Office (ICO) is concerned, a company could have one client and still be in breach of the Data Protection Act (DPA).
If a small business is caught with a breach concerning confidential information, the ICO has potentially unlimited fining power. The highest fine it has ever issued came in June 2012, when the NHS was fined £325,000. Fines are calculated based on whether a breach is the organisation’s first, how big an impact it may have or has already had, and a number of other factors. Because the fines, except in special instances, are not capped, a small business would benefit from ensuring the security of customer data.
About the Author: Andrew Morrell has been involved in confidential paper shredding services for several years and believes in the importance of business security and data management. He currently works for Russell Richardson.