Brian Pennington

A blog about Cyber Security & Compliance

The Information Commissioner’s 5 Tips on how to better protect personal information

The UK’s Information Commissioner’s Office (ICO) has published a list of five tips for protecting personally identifiable information (PII).

The list comes on the back of an offer by the ICO to help charities and other third-sector organisations protect the data they hold and avoid potential fines of up to £500,000.

Louise Byers, Head of Good Practice at the ICO, said:

“We are aware that charities are often handling extremely sensitive information relating to the health and wellbeing of vulnerable people. With these organisations often lacking the money to employ dedicated information governance staff, there’s a danger that many charities may be struggling to look after people’s data.

“We have published today’s top five areas for improvement to show the voluntary and charity sector that good data protection practices can be cheap and easy to introduce, providing they have the right help and support.

“A one day advisory visit from the ICO provides charities with a data protection ‘check up’ and practical advice on how they can look after people’s information. We are now calling on these organisations to use the summer period to check that their data protection practices are adequate and get in touch before it is too late.”

Sam Younger, Chief Executive of the Charity Commission said:

“Trustees are responsible for ensuring their charity complies with relevant legislation – including the Data Protection Act – and for protecting their charity’s reputation. Mishandling sensitive data not only causes individuals serious distress, it can also damage the good name of your charity. So I encourage trustees of charities that handle sensitive data to take note of the ICO’s guidance and consider taking part in an ICO advisory visit.”

The ICO’s top five areas for improvement are:

  1. Tell people what you are doing with their data. People should know what you are doing with their information and who it will be shared with. This is a legal requirement (as well as established best practice) so it is important you are open and honest with people about how their data will be used.
  2. Make sure your staff are adequately trained. New employees must receive data protection training to explain how they should store and handle personal information. Refresher training should be provided at regular intervals for existing staff.
  3. Use strong passwords. There is no point protecting the personal information you hold with a password if that password is easy to guess. All passwords should contain upper and lower case letters, a number and ideally a symbol. This will help to keep your information secure from would-be thieves.
  4. Encrypt all portable devices. Make sure all portable devices – such as memory sticks and laptops – used to store personal information are encrypted.
  5. Only keep people’s information for as long as necessary. Make sure your organisation has established retention periods in place and set up a process for deleting personal information once it is no longer required.

I would like to add that, whilst these tips are useful, most businesses, especially charities, should review their requirements under the Payment Card Industry Data Security Standard (PCI DSS), as credit cards are the lifeblood of most organisations.

How to Contact the Credit Reporting Agencies to Place a Fraud Alert

The Identity Theft Resources Centre has some great advice on how and what to do when contacting a Credit Reporting Agency:

  • Please use the report fraud phone numbers from each credit reporting agency to place a fraud alert on your credit report. We recommend that you call all three credit reporting agencies because they may have different information that might cause the fraud alert to be denied.
  • These will be automated systems, please listen for the prompt for the fraud alert.
  • The automated system will ask identifying questions, such as your name, Social Security Number (US), National Insurance Number (UK), address number, and date of birth. This is to verify your identity.
  • If you are successful in placing the fraud alert on your credit report, you will receive a confirmation number immediately or you will receive a notification letter by mail within the next 10 to 14 business days.
  • On your notification letter there will be a telephone number to request a free copy of your credit report. Please contact the CRAs immediately to obtain these reports.
  • You have not been successful in placing the fraud alert if the automated system asks you to write to them with documentation. This is common for victims of identity theft. The credit reporting agencies usually require a copy of a current utility bill, a copy of your current driver’s license or a state ID, and a letter with your full name, Social Security Number and date of birth, requesting that a fraud alert be placed. You will also want to request your free credit report in the letter.
