The Information Commissioner’s Office (ICO) has highlighted the top five areas for information security improvement for small and medium-sized organisations (SMEs), with staff training and communication with customers about their details being the most important areas.
Its top five areas are as follows:
- Tell people what you are doing with their data
This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.
- Make sure your staff are adequately trained
New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.
- Use strong passwords
All passwords should contain upper and lower case letters, a number and ideally a symbol to help keep information secure.
- Encrypt all portable devices
All portable devices, such as memory sticks and laptops, used to store personal information should be encrypted.
- Only keep people’s information for as long as necessary
Information retention periods should be established, together with a process for deleting personal information.
The ICO is offering a one-day advisory visit to charities covering a data protection ‘check-up’ and practical advice on how they can look after information.
For further information on this topic and the ICO advisory visits, please go to http://bit.ly/xFXmgO