A charity was fined £70,000 by the Information Commissioner on 10 October following the loss of highly sensitive data. During a presentation to the Charity Law Association’s annual conference on 11 October, a senior policy officer from the Information Commissioner’s Office reiterated the need for all charities registered under the Data Protection Act to ensure that they have adequate security measures in place and gave five tips to aid compliance with the Act:
- transparency – tell individuals why data is held and the purpose for which it will be used
- staff training – ensure that all staff are aware of the steps that they must take to secure sensitive data
- have strong password controls in place
- encrypt portable media
- keep data only for as long as it is necessary.
Further guidance on compliance with the Act can be found here