By Claire West
It may be hard to believe, but something as simple as a staff member's beloved family pet could land your business in court or leave it facing a hefty fine. Data Protection leader PDP Training, which has recently launched the Practitioner Certificate in Data Protection, has estimated that as many as 80% of all UK organisations do not have an enforced password policy for staff, meaning that the data they hold is at risk of a security breach.
It is well-documented that, left to their own devices, many people will make serious errors of judgement when selecting a password in order to make it as memorable as possible. These errors can involve using the same password for multiple purposes or using a word that is easily associated with the person such as their pet's name or that of their partner. Although there are no accurate figures - and PDP Training deemed it irresponsible to survey people on their computer passwords - the sheer number of people using 'Password' as their password would shock you.
Employers, however, may be horrified to realise that failing to take control of the situation and enforce a password policy puts them in the dangerous position of breaching data protection law. Since April this year the Information Commissioner's Office (ICO) has had the new power to fine organisations for this; at up to £500,000 per breach, this could be an extremely costly, yet easily fixable, error.
PDP, which runs a range of data protection-related courses and trains staff at over 1,000 organisations every year, developed its new qualification in consultation with the ICO, and it has already been accredited by the Law Society. The qualification has been developed to give employers the reassurance that anyone awarded the certificate will possess a solid knowledge of data protection law, as well as an understanding of the practical implications for organisations of the legal requirements. In short, they will certainly be able to help the employer guard against potentially costly pitfalls.
Peter Carey, data protection expert, says: "Three months on, the ICO has yet to fine an organisation for a data protection breach but you can bet that as soon as it does happen it will be very big news. While I am sure no company wants to be fined up to half a million under any circumstances, being first would be very unfortunate."
For further information on the Practitioner Certificate in Data Protection visit www.dataprotectionqualification.com