UK charities might want to consider enlisting the services of data protection experts after hearing how such organisations are the fourth most likely to be in contravention of data protection laws.
Figures from the Information Commissioner’s Office (ICO) show that third sector companies experienced 53 data breaches between October 2014 and April 2015, compared with the 23 that were seen in the previous six months, Charity Digital News reports.
In order to ensure that data is properly secure, charities need to make sure that they are fully aware of their legal obligations in relation to the Data Protection Act so that confidential information is adequately protected and not improperly shared.
The ICO can issue fines of up to £500,000 or enforce criminal prosecutions if the Data Protection Act is not strictly adhered to, so it’s vital that all organisations, charities and otherwise know exactly what they need to do.
Data encryption is a very easy way of reducing the chances of a data breach within charities. All too often, these leaks happen as a result of lost or stolen hardware. Without encryption, anyone who comes across a device or media can usually easily access all the information that is stored on it.
Highly secure offsite backup, such as Redstor’s Cloud Backup service, is another service that charities could employ to help reduce security risks, transferring backup data securely offsite encrypted rather than on easily lost physical media. You and your business must ensure that you select an online backup provider that complies with the relevant data protection and data sovereignty laws and regulations.
Charities can further reduce the risk of data leakage by eliminating shadow IT such as iCloud and other consumer cloud focused services in the workplace and by utilising a highly secure, centrally managed cloud-based service to facilitate working remotely and collaborating with co-workers and 3rd party organisations. The service provider’s compliance with data protection and data sovereignty laws and regulations should again be considered before implementing a service of this type.