• home page
• about the firm
• press office
• contact us
• business sectors
• practice areas
• seminars
• publications
• recruitment
• trainees
• technology

terms & conditions

• latest press releases
• previous releases
• search press releases
• articles
• consultation papers
• surveys
• media centre
• press team
• contact us

 

Last week’s reports that record numbers of companies and Government departments are fuelling a £1.7billion a year crime racket by failing to protect people’s privacy, highlight the need for businesses to ensure adequate steps to safeguard personal information, says Simon White, data protection expert at law firm Browne Jacobson.

 

Among those criticised were mobile operator Orange, for compromising security by giving its entire call centre staff the same computer log-in, and high street banks for dumping customers’ details in bins, and who

 

Under the Data Protection Act, businesses are required to take appropriate security measures to guard against accidental loss of, damage to and theft of personal information.

 

In addition, businesses are liable for the acts and omissions of sub-contractors who dispose of their waste.

 

“Exposing personal information puts businesses at risk of fraud and customers at risk of identity theft,” says Simon.

 

“Businesses must have strict procedures in place for the safe disposal and protection of confidential and personal information, or potentially face legal proceedings.”

 

So what can businesses do to effectively safeguard customer data? Simon recommends that businesses look to implement the following steps:

 

• Ensure a clear understanding of their obligations under the Data Protection Act in respect of their use (including destruction) of personal data.
  
• Ensure that websites and online payment systems are secure, and that they protect customers from identity fraud
  
• Ensure that policies are in place regarding online access of personal customer information by staff and third parties
  
• Have written agreements with data processors (- including sub-contractors who dispose of personal and other confidential information - requiring them to comply with the Data Protection Act. This should include an indemnity from any acts and omissions on the part of sub-contractors.
  
• Put in place policies regarding the use of confidential shredding bins when discarding personal information relating to customers, employees and other third parties.
  
• Ensure that these policies are communicated to employees and properly enforced.

 

Return to Headlines