BreachExchange mailing list archives

ICO launches data privacy assessment tool for SMEs


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 29 Jan 2016 14:53:59 -0700

http://www.computerweekly.com/news/4500272100/ICO-launches-data-privacy-assessment-tool-for-SMEs

The Information Commissioner’s Office (ICO) has launched a UK data privacy
law compliance self-assessment tool for small to medium-sized enterprises
(SMEs).

The tool provides a rating of compliance with the Data Protection Act based
on responses to a questionnaire, and links to relevant guidance and
information.

Information commissioner Christopher Graham said good data protection
practice makes business sense. “It can lead to better, more efficient
customer service and help to protect and enhance your reputation. It could
also help you avoid a fine from the ICO.”

The questionnaire may be completed as one comprehensive assessment that
embraces the key obligations that SMEs have in relation to processing
their customers’ or clients’ personal information.

Alternatively, the assessment can be broken down into separate checklists
so users can tailor it to their organisation’s particular needs and risks.

Self-assessment helps identify data gaps

According to the ICO, a number of SMEs tested the tool, and feedback was
“very positive”.

Andrew Webber, practice manager at Exeter Orthodontic Practice, said the
tool was useful to an SME dentistry business which holds and uses sensitive
medical data.

“It is imperative that we not only comply with data protection regulations,
but also strive to improve our information handling procedures,” he said.

Webber said the tool enabled him to review and identify any data protection
gaps and confirm that processes are sound.

“Our core business is providing a service to patients and part of this is
safely handling their data. If patients are not confident about our
professionalism they will not use our services,” he said.

SMEs put revenue at risk

To mark European Data Protection Day, the ICO issued a warning that
companies that fail to keep personal data safe risk long-lasting
reputational damage.

The information commissioner said that the negative impact created by media
coverage of data breaches can have a greater effect than any monetary
penalty imposed by the ICO.

Research published by the UK’s Cyber Streetwise campaign in 2015 shows that
SMEs are putting one-third of their revenue at risk because they are
falling for some common misconceptions about cyber security.

In the results, two-thirds of SMEs did not consider their business to be
vulnerable, and just 16% said that improving their cyber security was a top
priority for 2015.

More than a quarter of the SMEs polled believe that only companies that
take payments online are at risk of cyber crime and 22% believe SMEs are
not a target for hackers.

This is despite the fact that SMEs are proving to be a big target because
they hold a lot of data useful to cyber criminals, but typically lack the
ability to keep that data safe.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/