
8 February 2012

ICO – Name and Shame


The Information Commissioner’s Office is now naming and shaming anyone found in breach, or nearly in breach, of the Data Protection Act, irrespective of whether the breach was deemed severe enough to receive a fine.

How does this affect you? What impact would slack security policies have on your image? If you can’t prove you keep information safe, can you fulfil your other duties to your customers?

If you discovered that an organisation that you use, and that holds your personal information, had been named and shamed for lacking in data protection procedures, how would you react? Would you take your custom elsewhere, to a company that had not been named in such a way? As a business, can you even take that chance?

At a time when the competition for business is stiff, it is imperative that you don’t stand out from the crowd for the wrong reasons.

The ICO has the ability to hand out crippling fines to a business or organisation that it deems to be in breach of the Data Protection Act, but it also names on its website companies that are close to being in breach.

As far as the ICO is concerned personal data is categorised as:
“Data which relates to a living individual who can be identified –
(a) From those data, or
(b) From those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

It is your responsibility to ensure that all the information that you hold is properly handled and properly controlled. The ICO also has the right to use criminal prosecution, non-criminal enforcement and audit, as well as the monetary penalties against those that are found in breach.

“The Commissioner may impose a monetary penalty notice if a data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress.”

The question remains: what procedures should you have in place to ensure that you are not found in breach?

As far as the ICO is concerned, there are some very basic measures that you should have in place, such as shredding all your confidential paper waste, training your staff, and checking the physical security of your premises.

But there are also other measures that need to be taken: for instance, encryption on your computer systems, and taking regular back-ups of the information on your computer system and keeping them in a separate location, so that if you lose your computers, you don’t lose the information. Allow your staff access to only the information they need to do their job, and have strict rules on sharing passwords. You should be downloading the latest patches or security updates, and installing a firewall and virus-checking, on to your computers. And when it comes to disposing of old equipment, you must securely remove all personal information before disposing of old computers (by using technology or destroying the hard disk).

Making sure that you have the correct policies in place is priceless when you consider the implications of not doing so. It’s not just peace of mind, it’s good business practice.

4 July 2011

Cookies and You.

Let’s start at the beginning: what are cookies, and how do they affect me?


Cookies are small pieces of information that are stored on a user’s machine. They provide a huge selection of information to websites, such as your generic settings or a history of URLs you have visited, but most importantly they provide personal data, e.g. name, address, and what products are in a shopping basket at any time.


As it stands, internet browsers automatically accept these cookies (based upon your privacy settings). However, the new cookie compliance law is looming ever closer, and it insists that all users should be notified whenever a website wishes to drop a cookie onto their machine.


One possible option would be to serve a pop-up window each time a new cookie is dropped on to the user’s machine, but this would limit the user’s web experience. The Internet Advertising Bureau (IAB) has suggested the use of an icon on adverts which, when clicked, reveals information about the data being gathered. These are all possible ways that websites will be informing you, the user, when they wish to put a cookie on your machine.


But the questions start rolling in, and the main ones are: ‘Is it really necessary for the user to accept every single cookie a website attempts to store on their computer?’ and ‘Will this not just slow the internet experience down?’
If the cookie is crucial to the correct functioning of the website, then the answer to whether it is necessary for the user to accept it is most certainly yes. However, if that cookie is only used to store a preference, such as the colour scheme or the gadgets to show in a tool bar, then it’s probably not essential.


A number of ‘officials’ have been working with the EU regulators to help provide a strict and clear definition of how the legislation should be implemented, and also to consider what types of cookies should be subject to the legislation. As yet, the exact criteria are unknown.


The law, which was scheduled to come into force on 26 May 2011 but has since been delayed by one year due to a lack of preparation in the UK, comes from an amendment to the EU’s Privacy and Electronic Communications Directive. It will require UK businesses and organisations running websites in the UK to get ‘informed consent’ from visitors to their websites in order to store and retrieve information on users’ computers, and one of the most common techniques of storing information is known as a cookie.


The ICO has provided advice to help organisations start to think about ‘the practical steps’ they will need to take to remain compliant with the new law.


As far as you, the user, are concerned, you can choose to allow these cookies or not. However, if you do decide to decline them, there will be a few changes to your current internet usage. For instance, a website would be unable to remember what you had in your shopping cart or to remember passwords and usernames for you; if your browser were to close down, you would be unable to resume your session; and in some cases you would not be able to log in.


Whether these will be the only changes to your internet experience remains to be seen, and all will become clear once ‘The Cookie Compliance Law’ is enforced.

1 July 2011

Could Online Back-up be your knight in shining armour?


What price do you put on your reputation?

A wise man once said: “It takes many good deeds to build a good reputation, and only one bad one to lose it.”* Though that was said many years ago, it speaks volumes in today’s electronic culture. We rely so heavily on our computer systems for every aspect of our business, yet a lot of us leave our vital systems wide open to threat.

If you had precious items in your car, you wouldn’t leave the roof down, would you? The same can be said about your systems. If you don’t back up your system, and there was a fire or a flood, and all your hardware was destroyed, how would you manage?

According to new research from the ‘Ponemon Institute’, the damage to your reputation that comes with a ‘major data loss incident’ can cost more than the loss of the actual data itself.

The research found that each record lost costs businesses $214, which includes not only the costs of informing those involved and, of course, ‘recreating’ the records, but also the customer and media backlash that comes from admitting that you lost data.

There is more at risk than sheer embarrassment; it becomes a game of damage limitation, which is why it’s more important than ever for businesses to ensure that they have forceful backup solutions in place. “A reputation for a thousand years may depend upon the conduct of a single moment.”**

Now ask yourself, how much does your reputation mean to you? And what should you do to protect it?

*Benjamin Franklin
**Ernest Bramah

11 May 2011

A PC has gone to the Rombus cloud

Rombus thought you might like to hear a story.

Like many businesses, Rombus has members of its staff who often work from home. We already make use of an IP Telephony solution, so when members of Rombus call head office or vice versa it’s a free call; however, it doesn’t mean they call in more.

Even though we are an IT company, we still suffer from hardware failure, and one of our computers was on the brink of going to PC heaven, so we thought: why not virtualise the computer and give it an afterlife? Using VMware Converter, we converted the machine in a few hours and have moved it onto our virtualisation setup.

The machine is now accessible from anywhere with an internet connection using a remote desktop connection and is automatically backed up every night. 

Our developers often need test environments for web development, diagnosing or testing of new software, so instead of the hassle of hardware and networks, we simply clone a suitable existing machine and have an environment set up for testing, which helps us diagnose or test systems faster.

We used to have 7 big physical servers in our office and now we have 1.

We are very proud of our datacentre setup which utilises virtualisation and the services it can offer our customers. 

Why not check out our virtualisation page: http://www.rombus.com/solutions/virtualisation to see how it can benefit you now.