Small firms need to get their act together on data protection

28 Jul 2008

Small firms are being urged to put data protection high on their agenda and to be aware of their obligations under the Data Protection Acts, following a series of security lapses in recent months, such as the laptops which were stolen from Bank of Ireland Life.

Director of the Small Firms Association, Avine McNally (pictured), said today the majority of small companies have no data security policy in place. This puts them at the mercy of organised criminals and hackers, as well as facing legal action for not having proper safeguards in place.

Companies can be fined up to €3,000 on summary conviction and not exceeding €100,000 on conviction on indictment under the Acts.

“SMEs are becoming integral partners of larger companies in online supply chain operations by their ability to synchronise operating systems and share real-time data using the internet.

“However, gaining the benefits offered by technology can add up to nothing if it comes at the expense of a company’s security and the safety of key business data.”

McNally highlighted how smaller businesses can be vulnerable when it comes to data protection:

“Larger companies are likely to have specific IT staff available to look after the disposal of documents, printouts and floppy disks.

“For smaller businesses, it can be quite easy for people to pass a computer on to a third party, thinking they have deleted all the relevant documents, when in fact they’ve only deleted the links. It is then quite possible for someone with IT knowledge to retrieve these documents and use them for the wrong purposes.”

By Sorcha Corcoran