Protect personal data to avoid a fine from the ICO

A recent report from the ICO listed common failings. They include:

  • Employment contracts are missing suitable clauses to cover data protection and information security
  • Lack of formal policies and procedures for protecting data
  • Little formal training or awareness of what needed to be done
  • Lack of awareness about security controls such as encryption
  • Lack of controls over paper records and IT systems containing sensitive data
  • Lack of information for individuals about how personal data was going to be processed
  • Personal data was kept for longer than necessary, retention schedules not defined
  • Where CCTV is used, there were no adequate notices to inform individuals that CCTV is in operation on the premises

Companies need to consider their paper and digital information, and the process, IT and HR issues to ensure everything is covered.