Client data must be protected
Staff have been warned that stealing client information from their existing employer could have serious consequences.
The warning comes after a former company employee was prosecuted by the Information Commissioner’s Office after transferring client information before moving to a new job.
The employee sent details of 957 clients to his own personal email address before leaving to start his new job at a rival company, and the email included a whole host of sensitive information including contact details and records of their purchases.
And it’s not just employees who need to take care when it comes to handling personal data – companies can face serious fines and even criminal proceedings if they break the rules.
Under the strict guidelines in data protection, personal information needs to be protected and kept secure, with particular care taken over details such as medical records.
Businesses must tell the person what they intend to do with their data (perhaps the business is collecting a customer’s email address to confirm an order) – and if the reasons the business wants to use the information change, they customer must be informed once again.
Only the information required at that exact moment should be collected and if a business wants to use someone’s data for marketing purposes, the person needs to know.
If your business outsources the management of this kind of data – such as carrying out payroll services – it’s important to take legal advice as your business will still be responsible for protecting the information and you will need to have a written contract in place with the service provider.
As well as ensuring the personal data is not passed on, all data must be accurate and up-to-date. Databases should be regularly cleaned and any out-of-date information must be deleted.
When it comes to disposing of sensitive information, it must be done securely – by shredding, placing in confidential waste bags, destroying it completely or securely deleting electronic files. And confidential papers should never be put into the recycling bin.
If your staff believe that security has been breached, and personal data has been accidentally lost, it must be reported to the designated person in your company immediately.
These instructions do not only apply in the office either – anyone working away from the office or in public areas must take exactly the same precautions.