What the data protection laws mean for businesses

Business consultant

During the tail end of the 20th century, businesses began to favor using computer databases to store information on their employees and customers. Name, address, credit history, and even criminal convictions are just a few examples of commonly collected information. Computers streamlined this process compared with manual methods, which were time-consuming and required physical storage space.

Information that was previously scattered and only available by going through various government bodies could now be centralized in one location. Naturally, this increased the risk of misuse, as anyone with login credentials or technical know-how could break into the system and access information. In light of these growing concerns, the UK government passed the Data Protection Act (DPA) in 1998 to give a legal voice and representation to individuals who have their personal data stored digitally.

This act provides a comprehensive framework for how businesses should behave, what rules they need to follow, and what checks and balances they need to implement to ensure data protection. The process begins long before any information is collected: organizations are legally obliged to tell people who they are and how they’ll use their information, and to make it clear that individuals have a right to view their own information.

Responsibilities of the holders of information

As information is collected, the foremost responsibility of any business is to communicate with the Information Commissioner’s Office (ICO) and let them know how they plan to use the data. If approved, they must store the data in a location with proper access controls and up-to-date security features to stop any unauthorized access.

Otherwise, firms can easily build up a database, create customer personas, and sell the information for profit. Additionally, businesses are required by law to comply with every request for information from government bodies, which routinely conduct audits to ensure there’s no foul play.

What this means for businesses

Trying to make sense of all the compliance requirements can be confusing and taxing for both small business owners and regulatory departments of large firms. Fortunately, cloud-based solutions such as Microsoft Office 365 have made significant strides to provide systems that meet compliance requirements of running a business.

Here’s just a glimpse of some features these cloud-based solutions offer:

  • Access control that secures information behind layers of authorization.
  • Rights management services that block sensitive information from being downloaded onto hard drives or mailed out.
  • Permissions that require approval from the appropriate authority before any action, such as viewing an individual’s information, can be executed.

Using these solutions is a great way to carry on with running your business without having to worry too much when it comes to meeting data compliance requirements.

Understand your rights as a subject

If you’re on the other end of the spectrum and have provided your information to businesses previously, it’s critical to understand the laws created to protect you. You don’t want to wait until after your credit card information is leaked, or a previously sealed criminal conviction is released publicly and costs you your employment. Rather, you should be proactive and ensure the accuracy and safety of your data as much as possible.

An easy way to uncover the information businesses have on file is to make a formal request to the ICO, which will release your information to you. Plan this well in advance, as the process can be lengthy, and remember to repeat it at least every few years in case any changes have been made.

If you happen to discover information that is inaccurate or should not be there, you have the right to complain to the ICO, which will investigate on your behalf. If any wrongdoing is found, you are entitled to compensation for damages.

Data protection has become a fundamental, core aspect of the cost of doing business over the past few decades. Alongside this, strict laws have been passed, especially in the UK, to protect you from data theft and fraud by shady businesses.

These laws can only protect you if you know what a business has on file about you and what it is entitled to have. Therefore, take the time to familiarize yourself with the laws and don’t be lax when it comes to safeguarding your data. Just remain mindful of exemptions to the DPA that may apply in special cases, such as information that can be accessed by tax and police departments.

