It has been widely reported over the last couple of weeks that the American and British security services have spent huge amounts of time and money trying to break the encryption of popular internet services such as Google, Facebook and Amazon. As well as using their encryption breaking skills to spy on terror suspects and foreign governments they have also reportedly been using them to spy on commercial companies. While the activities of spy agencies may seem a long way away from you average new business, encrypting and protecting data is something that you need to know about when you start a business.
If you intend on keeping records of your customers, customer enquiries or client contacts then you are probably going to need to register for Data Protection with the ICO. The general rule of thumb is that if you keep information which could be used to identify an individual (e.g. names, addresses, phone numbers) then you need to be registered with the ICO as a Data Processor.
As part of the data protection regulations anyone keeping information which can be used to personally identify and individual has a duty to keep it secure. Failure to keep this kind of information secure can lead to large fines and prosecutions. In most cases these fines result from laptops or hard drives being lost, or information being emailed to the wrong places rather than spy agencies hacking into computer systems. There have even been cases of organisations being fined for breaching data protection after having computers stolen from their offices.
In June 2013 Glasgow City Council were fined £150,000 after two laptops were stolen from one of their buildings. One of the reasons the fine was so high was that the laptops were not encrypted. Since October 2012 the ICO have decided that all personal data help on laptops, mobile devices or portable media has to be encrypted. Simply putting a password on it is not enough. Even if it is not your fault that your data is stolen the ICO will consider it a breach of data protection if you rely on a password rather than encryption to secure your data.
Encryption works by churning your data through a series of algorithms until it is unrecognisable. The only way to put it back together again is if you have the original encryption key. Encrypting your data is usually fairly easy and can be done by simply installing some encryption software. If you have a Windows laptop then it probably has BitLocker on it. This can be used to do basic encryption, there are also a variety of free tools on the market such as TrueCrypt and Sophos SafeGuard which you can use to encrypt your data. Things can become slightly more complicated if you are using cloud storage solutions such as Google Drive or Dropbox. These services tend to have their own encryption but you need to make sure it is strong enough to cover your needs as far as data protection goes.
You can find out more about encryption and online security on the Get Safe Online website. If you are not sure whether you need to register for data protection you can give our business consultants a call on 01245 492777 and they will be happy to discuss it with you.