Privacy

The privacy of personal data is of concern to all organisations.

Protecting personal data is a requirement under the Data Protection Act.  HM Government, the Information Commissioner’s Office (ICO) and the Financial Services Authority (FSA) are all cracking down on breaches of personal data, for example:

• PA Consulting had a £1.5m contract terminated by the Home Office after losing an unencrypted memory stick containing personal information.
• The Chief Executives of Several NHS Trusts have had to sign undertakings to implement remedial security measures following enforcement action by the ICO.
• The FSA fined Norwich Union Life £1.26m for not having effective information security controls in place to protect its customers’ confidential information.

Personal Data losses also significantly damage an organisations’ hard-earned reputation, leading to a loss of future business.  The 2008 UK Security Breaches Report states that 53% of the cost of a breach is due to lost business.

Activity offer two security consultancy services to help organisations protect personal information:

The Information Commissioner’s Office advises that Privacy Impact Assessments (PIA) are performed when considering handling personal information.

The Personal Data Handling Review assesses how you handle personal data and your compliance with the Data Protection Act, and provides a roadmap to implement best practice.

It should not be forgotten that the most significant breaches of Personal Data have been due to application security issues.  Activity’s CHECK and CREST approved Security Penetration Testing services will reduce the risk of loss of Personal Data by highlighting weakness in web facing applications.