Wednesday, 26 July 2017

ICO: Don't Illegally Share Personal Information

Having access to the personal information of clients or customers is a privilege that allows businesses to stay in business. It is also a privilege that must be protected. According to the Information Commissioner's Office (ICO), there are businesses and individuals guilty of not protecting personal information. The ICO is now warning those who have access to personal information to be more careful.

The recent ICO warning comes on the heels of the successful prosecution of a recruitment manager who illegally disclosed personal information to a third-party recipient without the knowledge and consent of victims. The man, 39-year-old Stuart Franklin from the West Midlands, provided the information to a hiring agency while he was in the employ of HomeServe Membership Ltd.

An official report from the ICO says that Franklin sent copies of 26 CVs to a recruiting company during his time with HomeServe. Those electronic documents contained sensitive personal information on the individual applicants. Franklin had no legitimate business reason to do so, and he never sought the permission of the owners of that information.

After the successful prosecution based on S55 of the Data Protection Act, Franklin was ordered to pay a total of £994 covering his fine, court costs, and a victim surcharge. As for the ICO, Head of Enforcement Steve Eckersley produced a statement which said, in part:

"We're asking people to stop and think about the consequences before taking or sharing information illegally. Most people know it's wrong but they don't seem to realise it's a criminal offence and they could face prosecution."

The Human Factor: A Big One

Most of what we hear about in terms of data centre and network security is directly related to hacking by outside sources. That is a big problem indeed. But equally problematic is the human factor. As the Franklin case demonstrates, you do not need sophisticated hackers with equally sophisticated hacking tools to create a serious security breach that could ruin lives. Sometimes all it takes is a careless employee who passes along confidential information without giving it a second thought.

Organisations should absolutely take every effort to ensure networks and data are completely secure. Doing so goes beyond hiring competent IT staff and installing the right kind of hardware and software. It is also a matter of educating employees about their responsibilities for safeguarding personal information, then routinely updating training and conducting audits.

If we are to truly secure our data against theft and misappropriation, we all need to do a better job of protecting it with whatever means are available to us. Employees need to be careful about illegally sharing information they are not authorised to share. Individuals have to be more diligent about the information they share and the reasons for doing so.

In the meantime, the ICO is reminding employers and other organisations that passing along personal information belonging to someone else is not legal unless consent has been obtained and there is a legitimate business reason for doing so.

No comments:

Post a Comment