Any company that stores or processes personal data is subject to the Data Protection Act (DPA). The ICO is increasingly clamping down on breaches of the DPA, and simply losing a laptop with unencrypted data on it is now potentially enough to result in an expensive fine. Any personal data should be password protected and encrypted, particularly if it is held on a portable device.
The Information Commissioner's Office has made the first use of new powers to fine organisations for data breaches. Two organisations - Hertfordshire County Council, and employment services firm A4e - were fined £100,000 and £60,000 respectively for failures to comply with the Data Protection Act.
As well as the physical security issues of losing personal data on a storage device or laptop, care should be taken when transferring data from one site to another. Data in transit may be intercepted, and everything possible must be done to reduce that risk.
There are many methods for transferring data. At data8 we support all of the commonly used secure ways of transmitting data, and our security policy is built on the industry standard ISO 27001. However, we do need to work within our customers' requirements and understand that it is sometimes necessary to find a compromise between best practice and ease of use.
Web (https)
The easiest way to manually send a file is through a secure web browser session. The traffic to the page should be protected by high grade 128-bit AES encryption, as it is on our website where customers access our data cleansing services: data-8.co.uk/data8online/bureauservices.aspx. You will be required to enter a username and password, or you can register if you don't have one.
FTPS / SFTP
File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over the Internet. Secure file transfer, either FTPS (FTP over TLS) or SFTP (file transfer over SSH), is a great way of sending data automatically. Both methods are very secure, and again you will be required to enter a username and password to transfer data.
Email with PGP
Email on its own is not a secure method of transferring data. It is, however, when used with Pretty Good Privacy (PGP), a data encryption and decryption program that provides cryptographic privacy and authentication for data communication. Any data transferred this way is securely encrypted and can only be decrypted by the intended recipient.
Other Methods (not recommended)
Most companies can receive or transmit files by other methods, including some that are very convenient but leave the data unencrypted. Our security policies require us to request your permission before we transfer data by any of these methods. A simple email detailing your preferred method will suffice.
Top Tip
Please try to encrypt the data in some way. A password protected zip file is not perfect, but it is much better than no encryption at all.
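As an added illustration of this tip (example code written for this page, not data8's own tooling), the following check inspects a file before it is sent and reports whether it is PGP-encrypted, a zip whose entries are all encrypted (distinguishing WinZip AES from the weaker legacy ZipCrypto), or plaintext that should not leave the building. The entropy threshold, the OpenPGP first-byte set and the sample inputs are all assumptions constructed for the example.

```python
import hashlib
import math
import struct

# Signatures of the formats this page recommends. Binary OpenPGP output from gpg starts
# with a session-key packet: old-format tag 1 (0x84-0x87) or tag 3 (0x8C-0x8F), or
# new-format 0xC1 / 0xC3; ASCII-armoured output starts with the BEGIN line.
PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
PGP_FIRST_BYTES = set(range(0x84, 0x88)) | set(range(0x8C, 0x90)) | {0xC1, 0xC3}
ZIP_LOCAL_HEADER = b"PK\x03\x04"
WINZIP_AES_METHOD = 99   # method 99 = WinZip AES; any other method + encrypt flag = ZipCrypto
ENTROPY_FLOOR = 7.5      # assumed threshold: ciphertext is ~8 bits/byte, CSV text far below

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))

def zip_entries(data: bytes):
    """Yield (encrypted, method) for each local file header found by signature scan."""
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1 and pos + 10 <= len(data):
        flags, method = struct.unpack_from("<HH", data, pos + 6)
        yield bool(flags & 1), method          # general-purpose flag bit 0 = encrypted
        pos = data.find(ZIP_LOCAL_HEADER, pos + 4)

def classify(data: bytes) -> str:
    """Return 'encrypted', 'zipcrypto' (weak password zip) or 'plaintext' (do not send)."""
    if data.startswith(PGP_ARMOR) or (data and data[0] in PGP_FIRST_BYTES):
        return "encrypted"
    if data.startswith(ZIP_LOCAL_HEADER):
        entries = list(zip_entries(data))
        if not entries or not all(enc for enc, _ in entries):
            return "plaintext"                 # at least one entry is stored in the clear
        return "encrypted" if all(m == WINZIP_AES_METHOD for _, m in entries) else "zipcrypto"
    return "encrypted" if shannon_entropy(data) >= ENTROPY_FLOOR else "plaintext"

# Constructed samples so the check runs stand-alone (not real customer data).
SAMPLE_CSV = b"name,email,postcode\nJane Doe,jane@example.com,AB1 2CD\n" * 20

def sample_zip_header(encrypted: bool, method: int = 8) -> bytes:
    """Constructed 30-byte zip local header: enough for zip_entries, not a full archive."""
    return ZIP_LOCAL_HEADER + struct.pack("<HHH", 20, int(encrypted), method) + b"\x00" * 20

def sample_ciphertext() -> bytes:
    """Deterministic ciphertext-like bytes (a hash chain) standing in for gpg output."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
```

The entropy test is a heuristic only: it catches a CSV of customer records that someone forgot to encrypt, but any high-entropy binary (a compressed image, for instance) will also pass it, so the signature checks are the ones to trust.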
Some useful Links
Filezilla - http://filezilla-project.org/ - a free FTP solution supporting FTPS and SFTP.
GnuPG - http://www.gnupg.org/ - a free implementation of the OpenPGP standard.
GPG4win - http://www.gpg4win.org/ - a free Windows front end for GnuPG.
DataSeal - http://www.dma.org.uk/information/dsl-introduction.asp - the DMA's data security standard.