Could DPA training help reduce the number of data breaches in the UK public sector?

/EINPresswire.com/ IT Governance, the Data Protection Act (DPA) compliance experts, are advising public sector organisations that they must act immediately to address data protection gaps or risk heavy fines and reputation damage.

IT Governance’s statement follows the worrying statistics revealed in the latest research by law firm Field Fisher Waterhouse. The results show that public sector organisations are 80% more likely to be fined for data breaches than private sector companies and that 60% of the fines in the public sector were issued to local authorities.

The research also highlighted that last year was the most prolific yet for the Information Commissioner's Office (ICO) in terms of penalties, with 25 fines, 3 enforcement notices, 6 criminal prosecutions and 31 undertakings.

Alan Calder, CEO of IT Governance, says, “The high number of fines demonstrates that the ICO is determined to punish those that do not comply with data protection law. Moreover, based on the ICO’s experience, the government has rightfully proposed that NHS organisations, responsible for several high profile data security breaches so far, should be made subject to compulsory audits and has launched a survey to gather opinions.”

Despite the fact that all public and private sector organisations in the UK are required by law to be compliant with the Data Protection Act (1998), there are still many that fall short of meeting the DPA’s requirements and don’t take their obligations seriously enough.

The Data Protection Act (DPA) requires that organisations comply with eight principles. In order to do this they need to develop and implement certain policies and procedures that relate to both technology and people.

Calder says, “From our experience with public and private organisations, we understand that the biggest challenge is to ensure that organisational security policies associated with processing personal information are actually implemented.

“For those organisations that are unsure if they comply with the DPA, I recommend carrying out a DPA gap analysis in order to assess their level of compliance.

“I cannot stress enough how important staff training is for meeting the DPA requirements and to pass a potential audit. It is essential that organisations train one or more staff in the DPA principles so that they can lead the compliance process.”

The IT Governance DPA Foundation training course is a one-day session designed to provide staff with a full knowledge of the eight principles of the DPA and the practical advice to ensure that all practices associated with processing personal information are implemented and maintained on a continual basis. The course can be booked online at www.itgovernance.co.uk/shop/p-525.aspx.


- Ends -

FOR FURTHER INFORMATION
Desi Aleksandrova, Marketing Executive
+44 (0) 845 070 1750
daleksandrova@itgovernance.co.uk

NOTES TO EDITORS

IT Governance Ltd is the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is ‘non-geek’, approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at www.itgovernance.co.uk.
