
Data Protection
The Data Protection Act of 1988 (“DPA”) regulates the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information. Securing personal data is important in terms of either a privacy risk or a financial crime risk.
Aside from the obvious PR issues a breach of the Act implies, the Act contains provisions for the imposition of a fine levied by the Information Commissioner’s Office. In addition, the FSA has levied considerable fines on the likes of Zurich and HSBC under section 206 of the Financial Services and Markets Act 2000 for breaches of its Principle 3. This states that a firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.

The Information Commissioner’s Office (“ICO”) has had its powers enhanced recently to enable it to fine up to £500,000 for a “serious breach” under the DPA. No proof is required that a breach has resulted in loss. In addition to any fine, and invariably of greater consequence, is the reputational risk to the authorised firm, since regulators are committed to publicising breaches as a deterrent to other firms.

How Chiltington can help:
Our analysis typically starts with a review of data flows, including who accesses the data and where and how it is sent, including transmission to any third parties. In addition, methods of storage are reviewed. The review will determine these flows by:
  • Staff interviews at different levels
  • Analysis of any relevant procedural information
  • Data analysis
  • Media used in the process
  • Processes and controls already in place

From this, a map of data flows is produced and highlighted on the basis of a traffic light system. Maps are supplemented by reports either on an exception basis, highlighting areas of concern, or a complete review of all flows.

   
© 2006-2012 Chiltington