Five Information Security Areas for SMEs & Charities

ICO Guide to Advisory Visits

The Information Commissioner’s Office (ICO) has highlighted the top five areas for information security improvement for small and medium-sized organisations (SMEs), with staff training and communication with customers about their details being the most important areas.

Its top five areas are as follows:

  • Tell people what you are doing with their data
    This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.
  • Make sure your staff are adequately trained
    New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.
  • Use strong passwords
    All passwords should contain upper and lower case letters, a number and ideally a symbol to help keep information secure.
  • Encrypt all portable devices
    All portable devices, such as memory sticks and laptops, used to store personal information should be encrypted.
  • Only keep people’s information for as long as necessary
    Information retention periods should be established, together with a process for deleting personal information.

The ICO is offering a one-day advisory visit to charities covering a data protection ‘check-up’ and practical advice on how they can look after information.

For further information on this topic and the ICO advisory visits, please go to
