Dealing with Data Loss (12 June 2008)

Date: 12/06/2008
Duncan Lewis, Employment Solicitors, Dealing with Data Loss




The loss of personal data is a regrettably common occurrence. Any organisation which knowingly suffers a loss of data on its customers, suppliers or members (e.g. employees) needs to consider carefully what action to take.



The Information Commissioner's Office (ICO) has recently issued guidance for organisations that lose personal data, having reported that it has been notified of nearly 100 such incidents to date.



One of the less intuitively obvious suggestions is to think carefully about whether all the potentially affected people need to be notified. For example, notifying all your customers about a security glitch which in reality affects only a small proportion of them may produce a flood of enquiries and requests for further information from unaffected people, as well as possibly undermining their confidence in your organisation.



What is advisable is to obtain an accurate understanding as soon as possible of the scale of the loss and the potential impact on the people whose personal information has been lost. For example, if the information is such as to make identity fraud a possibility, it is likely to be more important to notify the people concerned than if the lost information is simply a list of names and addresses (which could be obtained easily from other sources).



The ICO advises that there are four important elements to consider when creating a breach management plan. These are:



Containment and recovery;
Assessment of ongoing risk;
Notification of breach; and
Evaluation and response.


The guidance is recommended reading for any organisation which holds personal data and should be considered as part of your data risk management strategy. It can be found at

http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/guidance_on_data_security_breach_management.pdf.



Reference should also be made to the ICO’s good practice guides on data security management at

http://www.ico.gov.uk/Home/what_we_cover/data_protection/guidance/good_practice_notes.aspx.



In April, the Financial Services Authority published its report on data security in financial services. The report contains much useful information and advice on the maintenance of good data security. See http://www.fsa.gov.uk/pubs/other/data_security.pdf.



Data security is an important but widely neglected issue for many organisations. Failure to follow adequate data protection procedures can have severe consequences, not only in fines but also in damage to reputation and possible claims for losses suffered by those whose data has been compromised. We can help you to make sure that your legal risks due to data loss are minimised.





Partner Note

The guidance for organisations on the loss of personal data can be found at http://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/guidance_on_data_security_breach_management.pdf.



The Financial Services Authority’s report on data security in financial services can be found at http://www.fsa.gov.uk/pubs/other/data_security.pdf.




Duncan Lewis is the trading name of Duncan Lewis (Solicitors) Limited. Registered Office is 143-149 Fenchurch St, London, EC3M 6BL. Company Reg. No. 3718422. VAT Reg. No. 718729013. A list of the company's Directors is displayed at the registered offices address. Authorised and Regulated by the Solicitors Regulation Authority. Offices all across London and in major cities in the UK. ©Duncan Lewis. Duncan Lewis do not accept service by email.