Keep customer data safe: DPA compliance

26 July 2006

The internet has grown so rapidly and so extensively in both popularity and capability that there is barely an area of 21st century life in which a computer is not involved. From our working week to our weekend rest, getting online has become a normal and essential part of making plans, doing research, organising entertainment, doing the weekly shop and communicating with other people.

The more we do with our internet connection, however, the greater the trail we leave - as websites ask for registration e-forms, contact details, credit card payments, and so on. Such sensitive information has fallen under the wing of the Data Protection Act (DPA) since 1998; the act was designed to ensure the responsible use of personal information by the companies that obtain it.

New research has found, however, that when it comes to the internet, these guidelines may not be followed in quite the same way. A study conducted by Vanson Bourne on behalf of Compuware Enterprise Solutions found that 44 per cent of firms could potentially be breaching the DPA through the use of real customer information during application development tests.

Of the 100 companies polled, 48 per cent confessed that they were no more than 'vaguely familiar' with the terms of the act. Worldwide enterprise solutions director at Compuware Ian Clarke said that firms should do more in this area, as "unless they have rigorous procedures in place, they run the risk of live data being leaked to third parties". He continued: "This can have severe repercussions on customer confidence and company reputation, and ultimately affect the bottom line."

How to stay compliant?

Any company that collates personal data about its clients or keeps staff records - in other words, every company - must ensure it is compliant with the DPA. A firm storing these details for any purpose is known as a 'data controller' and must adhere to eight key terms, known as Data Protection Principles. They state that data should be:

  • Processed fairly and lawfully.
  • Processed for specified and lawful purposes.
  • Relevant and adequate for specific purpose.
  • Accurate and maintained.
  • Not retained any longer than necessary.
  • Processed in accordance with the rights of the individual.
  • Kept secure against loss, damage or theft.
  • Not transferred to destinations lacking adequate protection.

What small businesses can do

In order to be truly confident that everything is being done to secure personal data, it is a good idea for small businesses to check out the Business Link website, which offers further information and advice.

Otherwise, it is also advisable to invest in a customer relationship management database, which will not only help you deliver improved customer service and better track your clients' needs, but also serve as a secure one-stop for their contact and other personal details.

It is also essential that all stored data is adequately protected. Businesses should invest in a security package, for example BT's Internet Security Pack, to ensure that a firewall and virus scanner are in place to prevent data theft. Establishing a back-up service will also protect customer information in the event of a disruption. Online data backup stores essential company information at an off-site location, so that in the event of an emergency, data is secure and safely retrievable.
