Welcome back and a very Happy New Year to all of you! We hope you all had a festive Christmas, and are all ready to tackle the IT challenges of 2016! First up this year, we’re going to discuss the differences between data protection and information security…
As many companies have become so reliant on the Internet to conduct their business, there has naturally been an increase in the amount of information that is stored online. This improves the efficiency of many business processes and reduces the need for manual tasks. However, it is vital that companies recognise the importance of keeping sensitive data protected and understand the legal implications of data loss in the event that systems are compromised.
There are many buzzwords associated with data security. Two of the most commonly used terms are ‘data protection’ and ‘information security’. Whilst there are certainly similarities in the areas that both cover, they do actually refer to different aspects of the same subject.
So what is the difference between Data Protection and Information Security?
Well, Information Security is an all-encompassing term that refers to the protection of all types of data, both physical and digital. Protecting this data means that the information must never be disclosed, modified or accessed without authorisation. This ensures that data is not compromised and that it maintains its integrity and validity.
Data Protection Act
On the other hand, when people talk about Data Protection, they are usually referencing the Data Protection Act, which controls how personal and sensitive information is used by companies, organisations or the government. This could mean personal data such as your home address, mobile phone number, credit card details or information regarding your children. There is also an advanced level of data protection that includes details about a person’s sexual health, political or religious beliefs, ethnic identity or criminal background.
Every company that handles a person’s sensitive data has a responsibility to use it fairly and lawfully, for a specific pre-defined purpose and to hold that information for no longer than is necessary. Personal data must be kept safe and secure and should not be transferred outside of the European Economic Area (EEA) without suitable security measures being put in place.
Data Protection certainly falls within the scope of Information Security, but it is only part of the equation.
Another topic of interest is cyber security. Again, this is represented within the guidelines for Information Security, but it refers solely to electronic data that needs to be kept safe online, as opposed to, for instance, manual paper records which are held at Chambers or at a GP surgery. Cyber security can be achieved by having appropriate methods of protection in place for application and network security, as well as by educating end-users on best practices.
It is vital that Chambers comply with the Data Protection Act and ensure that regulations and guidelines are followed to the letter. Failure to do so will result in a serious loss of reputation and clients. We are specialists in data protection for the legal industry and can guarantee the security of information held in your Chambers IT systems. Get in touch for advice today.