Dealing with data security breaches — an introduction
In July 2013, Sony Computer Entertainment Europe announced that it had decided to withdraw its appeal against a fine of £250,000 imposed by the UK’s independent regulator of data protection, the Information Commissioner (IC), following a serious security breach in April 2011 that compromised the personal information of millions of its Sony PlayStation Network customers.
Taking action to secure personal data is important not only from a data protection compliance perspective, where fines of up to £500,000 can be imposed by the IC, but also in order to prevent claims against the organisation from individuals affected by the breach that can fatally damage a business’s brand and reputation, not to mention the cost of disruption to an organisation investigating and responding to an incident.
The Data Protection Act 1998 (DPA) requires that organisations processing personal information relating to individuals (personal data) comply with eight data protection principles. The principles set enforceable standards relating to the processing of personal data. The seventh principle requires that appropriate measures are taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. A data security breach arising from a failure by a business to put effective security measures in place over personal data processed by it, or on its behalf by a service provider, can result in formal action by the IC…
The rest of this Taylor Wessing briefing is available to registered, logged-in users of the site.