Since November 2010, the UK’s Information Commissioner has had the power to levy fines of up to £500,000 on businesses that fail to keep personal data secure. To date, the IC has levied fines totalling £1.5 million. The IC’s stated intention is to encourage compliance before the event rather than to fine after it, and so the IC has just published its first-ever guide to IT security targeted at small- and medium-sized businesses. The Guide is useful practical reading: it goes beyond the very high-level data protection principles with which every business is required to comply under the Data Protection Act 1998, and actually details the sort of IT security measures and procedures which the IC expects small businesses to have in place. This article is a useful summary for businesses of what the IC’s guide says and includes many hints and tips for practical compliance with its requirements.
For additional information or assistance regarding the SME Guide, please contact one of the Squire Sanders lawyers listed in this publication or one of the Squire Sanders lawyers with whom you routinely work.