Recent data breach reminds data controllers of their security obligations

3 December 2015

A recent data breach at an organisation which manufactures and sells computing devices targeted at children will remind companies not only of the threat posed by hackers, but also of their own data security obligations.

The seventh data protection principle requires that data controllers (as defined by the Data Protection Act 1998) take appropriate organisational and technical measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

The company in question has admitted that its databases were “not as secure as they should have been”, and third-party testing has shown that its devices themselves are also vulnerable to basic hacking techniques.

Data controllers may argue that it is impossible, without going to extraordinary measures, to guard entirely against hackers. However, where an organisation suffers a data breach and can be shown to have had poor security measures in place, the consequences, from both the ICO and the public, are likely to be much more severe than for an organisation which can be shown to have employed reasonable levels of protection.
