Data compliance nightmares break headlines every year.
From the theft of Facebook account information to the notorious Sony email hacking scandal, we’re all aware of the terrible backlash that can follow major data breaches — as well as the massive financial penalties that businesses can receive as a result.
All data protection practices are liable to be threatened and scrutinised. To keep information secure, and remain on the right side of the law — and avoid fines in the wake of disaster — businesses must be compliant with legal regulations.
The problem is, some businesses are not clear on what best practices are, which means they may be making mistakes without even realising it. So what are these mistakes, and what can be done to stop them?
Being Unaware Of Exactly What Data Is Being Stored
The right to be forgotten is a fairly new data rights idea that is getting a lot of attention on the global stage. It’s part of the European Union’s big GDPR move and has garnered much interest from nations on other continents too, like South Korea, Argentina, India and the United States.
The idea is that individuals have the right to request that their data be deleted, although, in some more low-key scenarios, it’s just about making sure data is accurate and up to date. The concept may be an inconvenience to a business, but to appease lawmakers and customers, having the ability to comply with the right to be forgotten is important.
Before they can comply with the right to be forgotten, businesses must know what data they hold on somebody and have access to it at all times. If they don’t, then the business cannot amend or destroy it upon request, which can be in breach of data privacy laws.
Businesses often collect a lot of data. The trouble is, they aren’t always sure what to do with this data. While some of it is used for important tasks, other pieces are essentially scattered to the winds. Awareness of what data businesses store is important, as is the ability to access it whenever necessary. The trick to remaining compliant is two-fold. It involves:
- Only onboarding data that is needed, limiting the amount stored and therefore reducing the risk of erroneous pieces of information getting lost in a sea of data.
- Making sure robust systems of consumer record storage are in place, to allow for easy viewing of all personal data held on an individual.
Continued Use of Outdated Fax Machines
Fax machine use is still rife around the world, and for good reasons. Fax documents allow for the transmission of important legal files, and the sharing of visual information quickly. While many argue it is outdated, the fax itself is a vital part of many economic infrastructures, and should not be dismissed as archaic.
What is archaic, though, is the machine used to send the fax. The fax machine hasn’t changed much since its rise in the 1960s — which is alarming. These types of units are not designed for contemporary operations. Using a fax machine to send a fax is like using a computer built in the 90s to access the internet. Fundamentally, the internet is the same as it was at its inception, just as the fax is. But the supporting technology around it has evolved dramatically.
For faxing, this means risks to data compliance. Fax machines are known to increase the chance of breaches through several weaknesses, including a lack of data encryption, easy-to-hack hardware, the commonality of accidental misdialing, and a high likelihood of printed pages being exposed to unauthorised parties.
But, as with the internet, there are now ways to use fax that don’t require ancient hardware. Digital fax technology allows businesses to maintain essential fax functionality without having to use risky hardware like fax machines. Businesses can send and receive faxes while removing the risk factors that increase the chance of a data breach. There are other benefits to using digital fax too, such as being prepared for future changes like the ISDN switch-off.
Maintaining Paper Document Practices
Paper documents introduce significant risk factors when it comes to data security. They are difficult to store safely. Filing cabinets and drawers are not considered secure unless they are locked up properly and only authorised individuals have keys. The moment a paper document is potentially exposed to an unauthorised individual, it becomes a problem for data security. This can happen in shared workspaces or simply by having a piece of paper left out on a desk.
Paper documents are also easy to lose. In the past, we’ve seen reports of documents relating to national security left on a train, and confidential police files stolen after a senior official left them on the back seat of a car. It is a risk and a genuine problem.
There is also the simple issue of tracking down paper documents. They can often be difficult to find, especially if businesses store lots of records, which can make updating information a problem — and also lead to sensitive information disappearing. Both of these risks can contravene data protection and data rights laws.
Going paperless works against these risks by making all business documentation digital. Digital practices increase security through access controls and encryption, while also making it easier to find documents through simple search functionality, so it becomes near-impossible to lose files. When it comes to the right to be forgotten, this element is key.
The Misguided Concept of Safety
Large data-protection penalties and breaches are seen as problems exclusively for big businesses. British Airways recently got slapped with a huge fine for data breaches, and other massive corporations like Marriott, Yahoo and Uber have seen similar repercussions for lax security and loss of consumer data. But that’s because they are big commercial enterprises with targets on their backs — right?
The idea that entities are protected from backlash because they are a small business is not an uncommon one. In fact, even a year after the EU rolled out its game-changing GDPR legislation, millions of small businesses were found to be non-compliant with the regulations. Many believed it wouldn’t affect them. This idea is false. Simply put, it doesn’t matter if a business is a giant like Apple or a small business that sells apples: it has to be compliant with data protection regulations or it can and will be held accountable for breaches. One example of a business being handed a fine after GDPR is that of a small shipping company in Germany that was hit with a penalty costing thousands of euros for the way it processed client contracts.
Being a small business is not protection. Those that store customer data on any level must be compliant with data protection laws. There is no safety in size nor ignorance.