Over recent months there have been two high profile data breaches by the Ministry of Defence, highlighting the importance of compliant data protection procedures and the consequences when these are not followed.
The first instance relates to the locations of British submarines. An employee from the Ministry of Defence took the classified documents out of the office and somehow left them at a bus stop in Kent. The employee did report the loss of data at the time.
The second instance relates to the identities of interpreters who assisted British forces in Afghanistan. An employee circulated an email listing the names and email addresses, as well as some photos, of 250 x Afghan citizens who were requesting refuge in the UK following the takeover of the country by the Taliban. The mistake was reported immediately, and a second email circulated to request deletion of the first email.
Both the above examples could have been easily avoided by following data security policies however there always remains the human element and mistakes do happen. Unfortunately, some may have significant consequences, whilst others may go by unnoticed. As a company or organisation, it remains your responsibility to ensure the security of data at all times.
Data security refers to the process of protecting data from unauthorised access and data corruption throughout its lifecycle. This refers to both physical and electronic data. It is an essential responsibility within any company or organisation to avoid security and data breaches such as these. Procedures should be in place to ensure compliance; the correct steps being followed to minimise risk. Loss of data, known as a Data Breach, not only results in a loss of reputation and confidence in your company, but may also result in a monetary fine from the Information Commissioner’s Office (ICO).
The introduction of the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 means personal data must be protected at all times and cannot be processed or utilised without prior consent. These both contain guidance that companies must take to be deemed compliant, and steps to follow should a Data Breach occur.
For any questions on how Ardington Archives can assist you with data security, contact us on email@example.com