According to the Information Commissioner’s Office (ICO), the National Health Service (NHS) and the local government are two areas where there are significant and widespread data protection compliance concerns. The ICO has levied monetary penalties for data security breaches by the NHS totaling £945,000 since the penalties were first introduced in April 2010. This is effectively a £1 million budget cut that could have been avoided. Public organizations have unique data protection responsibilities and challenges, particularly as personal information is central to delivering their services. Indeed, data protection and information governance will become even more key to their mission as services evolve to deal with remote access and multiple platforms. Getting the right data protection measures in place avoids the distraction of data protection breaches and wasted costs of monetary penalties. At the same time, it contributes towards an organization that can use information effectively, as well as lawfully. Some key action points for effectively protecting personal data and avoiding fines include: conducting a data protection audit to analyze risk, adopting both physical and electronic data security methods and having appropriate policies, procedures and practices in place with a clear line of accountability.
Read more
