Firms must organise their data or face prosecution

Organisations should introduce information lifecycle management systems to avoid the risk of fines under the Data Protection Act, according to analyst firm Bloor Research.

Tony Lock, chief analyst at Bloor Research, said, "The Data Protection Act is already being enforced. There have not been any big customers hauled in yet, but there are strong rumours that the Data Protection Registrar would like to raise the Act's profile by getting a very visible law breaker.

"Everyone needs to worry about this. Smaller firms are easier to prosecute than larger ones."

Lock said data compliance was not on many companies' priority lists, but that four-figure fines were still an option for the Data Protection Registrar.

A research paper from Bloor examined the data storage requirements that arose from a range of legislation. These included the Data Protection Act, the Financial Services Authority mortgage and insurance regulations, International Accounting Standards, Basel 2 and regulations that will affect UK banking and insurance firms, and European human rights legislation.

Lock said, "Many organisations test new applications on an extract from a live customer database. In many instances that would be breaking the Act, and many are not aware of that. There is potentially a fine for every instance of misuse of data."

Network Appliance, which commissioned Bloor's research, is launching an information lifecycle management software product called Lockvault.

Val Bercovici, chief technology architect at Network Appliance, said, "Legal compliance experts say you need to keep everything forever, which is not only unappealing, but also difficult. The answer is tiered storage and information management."

Make sure your data is compliant       

  • Implement an open, flexible and simple storage infrastructure  
  • Identify all data that is subject to retention/deletion requirements 
  • Set compliance policies for access to and supervision of the content 
  • Set compliance policy classes for required retention 
  • Classify data into applicable policy classes 
  • Archive to write once, read many-compliant media. 

Source: Bloor Research
