Recently, a lot of attention has been paid to Data Protection Act compliance, but how effective is the act, really, when it comes to helping prevent data leaks?
In this interview, Paul Simmonds, member of the board of management of the Jericho Forum, offers his analysis of whether Data Protection Act compliance (DPA) is actually a step toward keeping data safe.
Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact firstname.lastname@example.org.
Data Protection Act compliance: Effective data protection?
Eric Parizo: Hello. I am Eric Parizo, it is great to have you with us. Today we
are going to talk about the Data Protection Act with Paul Simmonds. Paul
is a member of the Jericho Forum Board of Management. Paul, thank you
so much for being with us today.
Paul Simmonds: It is a pleasure.
Eric Parizo: Paul, the Data Protection Act has received a lot of attention as of
late. Is it deserved or is there really too much hype?
Paul Simmonds: I do not know about too much hype, I think it is probably been in
need of some teeth for quite a long time, and finally seems to be
getting them. As a UK citizen, as far as I am concerned, it is a
really important bit of legislation, and therefore, I want people who
hold my personal information to take protecting that information
seriously, for me, I think it is great.
Eric Parizo: The Information Commissioner's Office is expected to start doling out
fines for organizations that are non-compliant. Considering the
complexity of the act itself, do you foresee the ICO having trouble
standardizing the way it issues the fines?
Paul Simmonds: I am sure they are working on a scale for what they find in what
circumstances. Ultimately, it will be nothing like the fines, probably
that were doled out against people like Nationwide, who were fined
just under 1 million pounds for their data breach on a single laptop.
Ultimately, if they find them, and the Data Protection Commissioner
gets some of that money, hopefully they can do more good with that
money and provide more services, more offices and hopefully put all
that money back into doing an even better job.
Eric Parizo: How would you say the industry as a whole is responding to the ICO's
plans? Are your colleagues in the information security industry
anticipating that that ICO's new ability to find non-compliant
organizations will cause an improvement in data security in the
industry, as a whole?
Paul Simmonds: I would hope so. I think those of who think we do a pretty good job
of information security for our organizations think we are in
reasonably good shape, and ultimately the Data Protection Commissioner
is only going to be fining those people who do a really bad job or
persistently do not take notice of what they are being told by the
Information Commissioner's Office. If you are a reputable company
doing your best with a good information security team, actually, the
feeling generally is you should have nothing much to worry about.
Eric Parizo: The maximum fine is reportedly 500,000 pounds. What are some ways
organizations can make sure they avoid this and any other fines, and
what are some best practices to generally comply with the DPA?
Paul Simmonds: I suppose the key thing is understand where your PII, your personal
information actually is, where it is being stored, and where it is
going to. If you actually understand that, that is the key thing,
other than that, it is really motherhood and apple pie stuff. Make
sure that computers that are holding this information, especially
laptops are encrypted, do not put it onto memory sticks, again, unless
it is properly encrypted; it is real basic stuff. It is computer
security 101, and if you are doing that, then you should be pretty
Eric Parizo: Finally, will the ICO's actions bring about positive change?
Paul Simmonds: Yes I do. I think they have desperately in need of the teeth.
Certainly as a UK citizen, I hope it gets those few last rogue
companies out there to clean up their act and look after my personal
information potentially better than they are doing it at the moment.
Eric Parizo: Paul Sims, member of the Jericho Forum Board of Management, thank you
so much for joining us today.
Paul Simmonds: You are very welcome.
Eric Parizo: Thank all of you for joining us, as well. For more information
security videos remember, you can always visit SearchSecurity.co.uk. I
am Eric Parizo. Stay safe out there.