If you are running any type of business that involves direct mail, then you are expected to take the Data Protection Act (DPA) seriously at all times.
The DPA exists to protect the public’s personal information from misuse of any kind, and failure to adhere to the law can have dramatic consequences for a business. However, many businesses are confused by data protection and, as a result, land themselves in damaging situations that could otherwise have been avoided. If you store or use consumers’ personal information in any way, then you should have strict policies to protect not only their information but also your own business.
How data can be used
How data can be used and stored is often where businesses either misunderstand or fail to comply with the DPA. As a result, the DPA sets out eight regulations to govern how data can be used by organisations, which include:
• All information must be used fairly and lawfully
• Information should be used for limited and stated purposes
• It should be used adequately, not excessively and in a relevant way
• Information should be maintained and accurate
• It should only be stored for as long as is necessary
• Any information has to be handled according to people’s data protection rights
• All information should be stored safely and securely for people’s protection
• No information should be transferred outside of the UK without adequate protection
The ICO are responsible for enforcing these regulations as well as having the authority to audit businesses. With increasing amounts of personal data now being stored electronically, businesses can be more at risk than ever of a breach in data protection and should therefore be doing all they can to ensure that this never happens. With mobile data, e-commerce and internet banking now being more popular than ever before, the laws surrounding the subject of data protection are likely to become stricter as time goes by.
A breach can consist of:
• Unsolicited text messages/emails
• Incorrect disposal of data
• Unsecured storage of data
• Loss or theft of data
• Sending data to an incorrect recipient or address
The list is extensive and there are many more, but the above are some of the more serious breaches that have been known to happen.
The consequences of a data protection breach
All data protection breaches are taken seriously no matter what the size, and there are severe consequences for those involved. In April 2010 the ICO was given the ability to fine businesses up to £500,000 for serious data protection breaches. For many businesses, this level of cost could be enough to put them out of business for good, and even if they can afford the fines, there is the damage it does to their reputation. With identity theft and fraud at an all-time high, losing your consumers’ trust is fatal to a business. Since the fines were introduced, they have risen year on year from 2 in 2010 to 9 in 2013.
In some extreme circumstances, prosecution can also be considered, especially for repeat offenders who fail to address the security of their data. If you have concerns or questions regarding data protection then there are companies that can assist you with compliance.
Image Credit: Thomas Milburn