Breach of Data Protection Act – Quick Poll

We are working closely with our partners to assist companies better understand the implications of mishandling data and are interested to gather some research into how well the Data Protection Act is understood.

The ICO has the ability to issue fines up to £500,000 and this is without having to go to court.  They do not discriminate against type of company, although the majority of fines have been in the public sector they are also targeting private companies.

Could you take a minute to fill in our poll to help us better understand how well the new legislation has been communicated to the business world and what your position is on the new legislation.

If you would like more information about how this new legislation might affect you please get in touch and we will guide you in the right direction.

ICO breaks £1m milestone in Monetary penalties

As the Information Commissioner’s Office (ICO) hands out two more hefty fines, it hits the £1m threshold of fines issued.  Granted the majority of these fines have been in the Public Sector, but that does not eliminate private businesses who have also received fines and investigations.

The ICO is clamping down hard on data breaches, with new guidelines being proposed January 2012 which will come into play over the coming months and years.

The UK is working alongside Europe with a new set of guidelines that cover trade between countries.  This is taking the legislation one step further in so far as if you deal with a company in France and have a breach of their data, you could find yourself in a French court!

We are interested to understand more fully how this is impacting on business.  It is clear that public authorities have been the main focal point, however, a small firm of Lawyers was fined £200,000 (reduced to £1,000 due to company closure) and a privately owned training company £60,000.  Alongside this individuals have been fined for the theft of data from their employers.

Do the initial fines indicate that the ICO has been establishing their case law and will now look to a much wider business community? We believe it does.
They have published where their main focus will be during this year, being:-

• Health
• Credit and Finance
• Criminal Justice
• Internet and mobile services
• Security

They have had a major push within the private sector informing companies that they need to be registered with the Act at the very least.  Industries thought to be most at risk are professional services such as Accountants, Lawyers, Estate Agents and the Health Sector.

So what does this mean for you?

The ICO has the power to issue fines without any type of court interaction and the majority of fines have been issued due to lack of staff awareness or staff negligence in handling sensitive data.

Security technology is growing at an exponential rate, but where a member of staff needs information they will find a way to get it – technology can only cover you so much – staff need to be aware of what they can and can’t do within the bounds of their roles and responsibilities.

The ICO cover this element of risk by recommending staff should be assessed four times per annum with regular awareness sessions provided where vulnerabilities are found.  It is accepted that information can be stolen on laptops and other devices, however, this is where technology plays a part with encryption and adequate security built into everything that leave the offices.  The ICO say there is no excuse.

By looking at the technology required, training and awareness for the staff and regular staff assessment, you will go a long way to start and protect yourself, but it doesn’t start and end as one project.  It is an ongoing appraisal that needs to be reviewed at regular intervals.

Your policy needs to be carefully defined and communicated to everyone in the organisation, with key individuals taking full responsibility for the care of sensitive data.  Security measures need to be constantly reviewed.  Alongside all of this the basics need to be embedded within everyone in your organisation.

You will find you have four areas of risk within your business:-

• Legal / Compliance – Are you sure you are adhering to the legislation?
• Financial – Would a fine wipe you out?
• Productivity – The risk of operational losses and customer services delivery.
• Reputation and Customer Confidence – would your customers still support you if you lost their data.

The legislation seems to be heading in the same direction as that surrounding health and Safety.  The ICO has targets to hit and no organisation is beyond their reach.

More information on how to build your staff’s awareness here.

USB Sticks: Convenient to carry – Easy to lose.

Praxis Care Limited has breached both the UK Data Protection Act and the Isle of Man Data Protection Act by losing an unencrypted memory stick, containing personal information of up to 107 Isle of Man residents and 53 individuals from Northern Ireland, in August 2011.

The care provider has taken action to improve its data protection practices after losing the memory stick on the Isle of Man, following a joint ruling by the Information Commissioner’s Office (ICO) and the Office of the Data Protection Supervisor (ODPS) for the Isle of Man.

The device has not been recovered. However, Praxis has informed all affected individuals about the loss and so far no complaints have been received by the regulators. Some of the information was sensitive and related to individuals’ care and mental health, leaving the care provider wondering if they are yet to receive a fine.

Praxis Care Limited has committed to making sure that “all portable devices used to store personal data are encrypted.”

NHS fined £375k after stolen patient data sold on eBay

Hospital bosses at Brighton and Sussex University Hospitals NHS Trust are appealing against the Information Commissioner’s Office (ICO) stiffest punishment yet, a whopping £375,000.

The Information Commissioner is ‘proposing’ to issue its largest fine to-date for a breach of UK data protection laws. This comes as after patient records were stolen from a hospital and sold on eBay.

Hard drives holding patient data had been sold on the auction website by a contractor it employed to destroy them. The data was stolen from Brighton General Hospital in September 2010, according to a report by the BBC.

The Trust is challenging the suggested penalty. “We were the victims of a crime,” Duncan Selbie, chief executive of Brighton and Sussex University Hospitals NHS Trust said in a statement. “We subcontracted the destruction of these hard drives to a registered contractor who subsequently sold them on eBay.”

To date the biggest fine that the ICO have ever officially issued is £130,000. This was to Powys County Council after pages from a child protection report were mistakenly sent as part of a separate document sent to a member of the public. A larger fine of £200,000 was issued to a London based Law firm however they ceased trading and as a result the fine was revoked.

The trust said: “As soon as we were alerted to this we informed the police and with their help we recovered all the hard drives stolen by this individual,” he said. “We are confident that there is a very low risk of any of the data from them having passed into the public domain. We have subsequently received a Notice from the Information Commissioner’s Office proposing a fine of £375,000 which we are, in the circumstances, challenging.”

It is stated in the Data Protection Act (DPA) that organisations must take “appropriate technical and organisational measures … against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”. The law requires organisations to be extra protective where especially sensitive personal data in involved, for instance patient medical records.

The ICO has the authority to give fines of up to £500,000 and considering the amount of data that was stolen, and the amount of damage that could have been caused the hospital should be grateful that the fine was not higher.

Age bias in IT

Most high-tech employers, in fact most employers in general would most probably deny that age discrimination is an issue at their company. However in the IT industry, workers over the age of 50 beg to differ, saying that they have experienced age bias or at least know someone who has.

This bias can take several forms, salaries might stagnate, they might have fewer or no opportunities for advancement, they might not be included in training and professional development programs. And they could be the first to be laid off and the last to be hired.

According to recent U.S. government data, unemployment rates for older IT professionals increased faster than they did for younger tech workers since the recession began three years ago.

Age bias is a simplistic label for what is a complicated set of factors and issues that influence job prospects for senior employees for every industry. When considering workers over the age of 50, employers have to take the following factors into consideration:

• Both the relevance and currency of skills.
• The level of wage expected, which is typically higher than the salaries younger people seek.
• Behaviours and attitudes, which could become narrow-minded with age.
• Energy level, which is presumed to be less than that of a 25-year-old.

While these are generalisations and are not necessarily true for any particular candidate or employer, they are still is a stereotypical assumptions.

The harsh reality is that when times are tight if you could have someone fresh out of education who is likely to by up to date with current technologies,  and pay them half the wage that someone of 45 years would expect, who would you hire?

To find out what your employees really think why not conduct our Staff Engagement Survey

Why being Green needn’t make you Blue.

“Sustainable development is development that meets the needs of the present without compromising the ability of future generations to meet their own needs.” – Brundtland Commission, 1987

Paying attention to sustainable development is not just important to the pocket, but it can be especially sensible when so many potential customers and clients are actively seeking greener products and services.

Making environmentally conscious decisions about your business operations can be good for the bottom line. There is a misconception that in order to make a company greener it requires a cash injection, when in actual fact a lot of the changes are small, have very low overheads but make a difference and lower outgoings – actually saving you money.

As predictions about the availability of energy, water and other natural resources are validated, going green may also enable companies to keep customers and investors happy, maintain market share, become more efficient, it may also help avoid liability for environmental damage. For small businesses to be actively involved in sustainable development, they need to adopt environmentally sound business principles and translate these into action.

High oil prices and global warming are driving the move towards going green, the knowledge that our natural resources won’t last forever is increasing the number of customers and shareholders that are demanding a move toward the corporate social responsibility of a companies actions.

As far as an organisation is concerned adopting environmental practices is all about money. Taking on board environmental practices could help save money and gain new business, however some ‘green moves’ can be very pricey, but the deciding factor is often that going green helps companies enhance their public relations, how the public perceive an organisation can have a strong impact on company profit.

There are certain things as an organisation that you can do to make your company greener:

Perform an energy audit: Some utilities offer businesses free on-site consultations on how they can reduce usage and save money. Most common suggestions can include: Insulation upgrades, timers to automatically turn off lights, and energy efficient light bulbs.

Go paperless: Encourage e-mailing. When paper is necessary, print on both sides and use old letterheads/non sensitive documents as scrap paper.

Recycle: Recycle glass, paper, plastic, metal and manufacturing waste, and reuse packaging for postage.

Include Green issues in the Staff Satisfaction survey: Dedicate a section to Green issues within the annual employee survey.

Reduce commuting: Encourage carpooling, offer passes to employees who take the bus or train, add bike racks for cyclists.

Reduce business travel: Teleconference instead of travelling. For must-go trips, keep track of the miles driven and flown and buy “carbon offsets” to make up for the greenhouse gas emissions.

 Buy green: Tell suppliers that you’re interested in sustainable products, set goals for buying recycled, refurbished, or used.

Detoxify: Talk to suppliers about alternatives to toxics, such as used batteries and copier toner, and make sure you properly dispose of the ones you can’t avoid using.

Rethink transportation: Consider the fuel it takes to ship and receive products. Purchase or lease energy-efficient cars and trucks for business use.

Provide leadership and resources for going green: – Assign a respected person to head up Green initiatives. Include “green” in your company’s mission statement and business plans.

Get employees involved: Create a team to lead the company’s eco-efforts and determine where you can have the biggest impact for the least amount of money.

Communicate Green issues: Inform suppliers and customers about your efforts. And get in touch with local regulatory agencies, many offer financial incentives to businesses that implement green initiatives.

Save water: Monitor sinks and toilets for leaks that waste water.

Explore alternative energy sources: Consider using solar energy, bio-fuels, wind power and other alternative energy sources.

Implement green manufacturing: Use energy-efficient equipment, and streamline processes.

Implement green policies: Establish policies and standards.

Becoming a Green company doesn’t need to cost the earth, but it just might save it. For more information on Green computing and Staff Satisfaction surveys please contact Taylored Assessments.

What is customer service?

You often find documents like: ‘8 Golden Rules to Customer Service’ or ‘Ten Commandments of Customer Care’ But what is customer service really about?  And what is the difference between a customer’s idea of good service and an organisation’s?

On a basic level most would say that customer service is about enhancing the level of satisfaction that the customer feels when doing business with a company, but in reality it is so much more.

There are many different models of customer service but they all agree on one thing: that organisations should have clear answers to basic questions.

For the Institute of Customer Service “Customer service is the sum total of what an organisation does to meet customer expectations and produce customer satisfaction”.

In order to meet these standards an organisation has to look both internally and externally and assess the systems in place to find out what customers expect.

Once you know what your customers want and expect you can work out if your staff deliver the very same level. If there is any performance vs. expectation differences, then they need to be addressed and constantly monitored.

Key to customer service is getting all members of your organisation to embrace it through training and development, at individual and team level.

To do this an internal assessment might be considered as a wise way of gathering the information needed in a time efficient manner with minimal cost. As the assessment will already be written for you, all that you need to do is to get your staff to complete it.

After all It is people who make a business, and where your staff are not aligned to your business objectives you will be missing opportunities.

Carrying out regular staff satisfaction surveys along side the customer ones will help you to create a culture of openness which will improve communication, staff engagement and productivity, resulting in increased profitability, and happy customers.

Good customer service is the livelihood of any business. You can offer promotions and cut prices to bring in as many new customers as possible, but unless you can get some of those customers to come back, your business won’t be profitable for long. Its not just bringing them back its keeping the customers happy too- happy enough to pass positive feedback about your business along to others, who may then try the product or service you offer for themselves and in their turn become repeat customers.

At Taylored Assessments we have just the assessment to get you the answers you need in reference to customer care and staff engagement.

For more information on the importance and relevance of Customer Care and Staff Engagement Read below.

Customer Care:
How would you survive without happy customers?
Do you know how happy they are?
Could your key customer be about to leave you?

Staff Engagement:
Staff Engagement Surveys are a vital tool for assessing and developing your people.
Personnel who are engaged are ambassadors for your organisation, are loyal and are keen to support you in your success.

Hackers paid by Facebook

The social networking site Facebook paid out a massive $40,000 in the first three weeks of testing for security bugs and rouge apps.

‘The bug bounty program’ was set up by Facebook aims to encourage security researchers to help harden the social networking site against attack. The programme gives monetary rewards to those that find security bugs, the minimum amount paid for the detection of a bug is $500, and it goes up to $5,000 depending on the severity of the bug.

In 2010 Facebook set up a system which promised not to take legal action against those that find bugs.

One security researcher has already been awarded the maximum amount for discovering bugs, and received $7,000 for finding six.

Many cyber criminals have infiltrated Facebook and have been using it as a way of gaining personal information, promoting spam, or selling counterfeit goods.

Many other international companies, including Google and Mozilla, run similar schemes to that of Facebook’s ‘bug bounty program’ and they have proved useful in sourcing out bugs. However hackers may find that they are paid more in the underground market for the information than the organisation is willing to pay, and if that did happen, where would that leave Facebook’s security?

Staff retention just went viral

When brewing company MillerCoors realised it was struggling to retain female salespeople, the company turned to social tools to turn it around and retain their female staff.

Executives wanted to make female sales reps feel less isolated and more a part of a cohesive team. But the problem was how to go about this when their workers are spread across the country, frequently on the road, and working odd hours.

MillerCoors, a $7.5 billion company with roughly 8,500 employees, and they turned to Triple Creek, a company that makes enterprise mentoring and social learning software which gave staff an opportunity to connect with each other, giving a personal connection.

Last summer a regional sales executive noticed that the company was losing women in sales positions at a much faster rate than it was losing their male counterparts. It was a problem the company wanted to quickly curb.

MillerCoors decided to provide mentors to some of its saleswomen, connecting them through the Mentoring software. It is designed to let mentors and workers connect one-on-one or in groups and enables people to share documents and post comments.

The wonders of social networking.

The Inequalities in Equality

More than half of small business owners believe a glass ceiling for women still exists in the workplace, business software company Sage found in a recent study.

The latest Omnibus study, which draws on Sage’s 800,000-strong customer base, found significant discrepancies in the number of women that head up businesses in different areas of the UK. Scotland leads the way with 30 per cent of businesses led by a woman, while the North East lags behind with less than 10 percent of businesses polled led by a woman.

When it came to business priorities, the poll showed that both men and women were equally concerned about the performance of their business and the wider economy, but achieving a good work-life balance was more important among female business owners.

In February, Business Secretary Vince Cable and Home Secretary Theresa May called for FTSE 350 companies to set goals for increasing the number of women in the boardroom by September 2011.

It is positive that the government is looking to address inequality, however the equality that we seek and quickly turn in inequality when companies start to favour one sex over another because the government said so.

It has been said that it may be time to consider different approaches to increase female representation at the top of companies, perhaps through training or mentoring programmes for in order to address this key issue. But surely if the women are getting mentoring then the men should too, that is of course if we truly are looking for ‘equality’

But really what it should boil down to is this…. should it matter? Surely the best man or woman should get the job irrespective of their gender?