- Chris Parkinson replies:
Keep the minimum data you need and only give people access to the information that is required for their jobs. Access to personal data should be logged for auditing purposes. Passwords should be changed regularly and businesses need to keep track of employee churn to cancel accounts of those who leave.
Data exports should be restricted by limiting access to the data to those who can export the information. Only minimum information should be transferred to ensure the lowest risk possible.
When transferring data, an encryption system should be in place, including restricted access to passwords. To complete the transfer, brands should use a process that logs signatures and details of recipients or use a secure FTP site. This negates the potential risk of moving data onto external media such as a disc.
- Neil Fisher replies:
As a business, we are bound by the Data Protection Act to take precautions against loss or damage to customer data and access and disclosure rights must be restricted.
Technical protection is a specialist area, however, and qualified experts should control data security and transfer policies and it should be subject to audit.
When storing data you need to ensure your networks are protected and tested for effectiveness and that security software is regularly updated. Data transmission methods must be secure, with the regularity of transfer and exactly what is contained within the record structure being among the factors to take into account when deciding which method is best.
Regular transfers of data should be sent via private, encrypted data lines, while ad-hoc transfers can be done via a password-protected ZIP file on CD and sent by recorded courier or post. Ensure the password is not enclosed with the CD.
- John Rollason replies:
Marketing professionals need to ask their IT colleagues: "What is our data recovery plan?" To ensure the safety of data, it needs to be stored in a designated, secure storage system, rather than on a PC under someone's desk that could fail at any time. Make sure data is backed-up efficiently and properly without any errors to ensure it can be recovered. Back-up systems using tapes are not an efficient way to achieve this. Encryption is vital as it ensures valuable and important data cannot be accessed by unauthorised persons.
Data security needs to be seen as a long-term investment where encryption, back-up and data protection plans are put in place to help avoid the hassles of data loss and potential legal action.
THE PANELLISTS
Data manager - Chris Parkinson is product development manager at Lateral Group
Database owner - Neil Fisher is direct marketing manager at insurance provider esure, responsible for the direct response activity of esure, Sheilas' Wheels and Halifax Car Insurance.
Security expert - John Rollason is solutions and marketing manager EMEA at secure data management provider Network Appliance
POWER POINTS
- Use an encryption system and including restricted access to passwords
- Employ qualified experts to control data security and transfer policies
- Back up your data properly and efficiently. Do not use tapes
- Ensure you have a data recovery plan in place.