Published: 2014-12-12 14:24, Author: Unecom

Many firms have staff that work from home or use laptops and other portable devices such as memory sticks and CDs to store or transfer customer data. You should consider the risks to your customer data that could arise from these situations, particularly the loss or theft of a laptop or portable device.

It is poor practice for you or your staff to hold customer data on laptops and other portable devices which are not encrypted. The Information Commissioner has recently stated that firms should ensure that laptops and other portable devices used to store customer data are encrypted. Companies and Advisors who own their own clients and, therefore, process their clients’ personal data are considered to be Data Controllers under the Data Protection Act (DPA). As such they are required to maintain an annually renewable Data Protection Notification.

A Cautionary Tale

The Information Commissioner’s Office (ICO) has fined Ealing Council £80,000, while fining Hounslow Council £70,000. These fines were for breaches of the Data Protection Act.

What did they do?

Two laptops containing the details of around 1,700 individuals were clients of Ealing Council and the remainder were clients of Hounslow Council. Both laptops were password protected but unencrypted. The key statement from the ICO is:

“There is no evidence to suggest that the data held on the computers has been accessed and no complaints from clients have been received by the data controllers to date but there was nevertheless a significant risk to the clients’ privacy”

These sorts of fines could easily be applied to companies and advisors found similarly culpable of failing in their duty as data controllers.

What you must do to be safe

Any portable machine that is (or can be) used to hold client data MUST be encrypted – it is sufficient under the act that the machine CAN hold client data. The only way to avoid having to encrypt is never to use the machine for business, even accessing email.

How Unecom can help

With Unecom’s Encryption Solution, utilising McAfee Endpoint Encryption, we can:

Encrypt all portable devices (PC and Mac OS X) to full disk level in compliance with FIPS 140-2.
Produce certified evidence the machines have been encrypted.
Arrange for a full disk copy to be taken BEFORE the encryption process begins.
Destroy the full disk copy once the encryption has been tested and is satisfactory.

What methods are available?

The suggested way forward is calling Unecom IT to arrange a bulk encryption session. This is the most economical route: 1 technician can encrypt up to 6 laptops.
Arrange an onsite visit for sole traders or small businesses where the full cost will apply.

What does it cost?

Please contact Unecom IT on 0116 241 7151 or for more information.

Useful links from the Financial Services Authority:
Data Security in Financial Services
Your responsibilities for customer data security
