Keeping data secure

Advice 2010-02-24 15:45
Andy Jones, director and general manager of Xerox Global Services, Europe says the company uses stringent outsourcing

In recent weeks the Information Commissioner's Office (ICO) has warned that data controllers could face a £500,000 penalty if they breach the Data Protection Act. When you consider the potential fines involved - not to mention the impact a breach could have on an organisation's reputation - the severity and importance of the issue is clear.

The thing about data breaches is that the people that create them tend to so because they're unaware of security policies or, worse still, such policies simply don’t exist in their organisation. When dealing with digital data it is essential that the organisation is able to manage it efficiently - and securely.

It comes down to company policies and the policies of the partners you work with. A well structured document management policy that clearly grades information, how each category should be treated, dos and don’ts and clearly outlines the consequences for the organisation, individual or client if not followed, can help.

Staff management

Additionally the implementation of sound operating practices around staff management - such as banning mobile phones and personal bags from client data processing areas - is key to maintaining a secure environment. Companies also need to implement secure technology management that prevents staff copying client data, removing the physical means of backing up data (unless in a controlled environment) and ensure processed data is regularly purged from systems.

The customers we're working with are making great gains in this battle against data breaches. When working with them we use stringent outsourcing guidelines and data handling processes and we bring complete transparency to the process. This ensures we maintain complete control of customer data throughout its lifecycle, from receipt to destruction.

Best practice

Best practice includes maintaining (and making available) detailed management information that tracks who has had what access to client data at each stage of the process, providing full visibility and audit trails throughout the process. At Xerox we have made substantial investments in technology to track and keep control of client data.

Xerox is also able to use technology to automatically extract information from digitised data, avoiding the need for humans to read it. When humans do handle sensitive information, we can use technology to dissect a client's information and spread the work across many operators, meaning no one person has access to any individual client data. That's the level of investment a mature and professional company is able to go to ensure complete confidentiality and fidelity of client information.

Go to the next page for our top five security tips

 

Pages

Tags:
Security
Security
Xerox
data breach

Related Articles

Computerlinks strengthens security portfolio
Tufin and Sourcefire deals announced
McAfee names UK & Ireland VP
Ross Allen extends role to lead new territory
The Rise of the SuperVAD
Exclusive Networks' Barrie Desmond explains the concept of the 'SuperVAD' - and why he thinks resellers should harness its power