Navigating the data security maze

Today, more business data than ever is being collected.

Just think of your own business: there are your business plans; your confidential emails and documents; and, of course, sensitive details about your customers that they wouldn’t want you to share with others.

The way data is used – or misused – regularly makes headlines in the media. Spectacular security breaches, embarrassing gaffes and IT blunders have often led to bad publicity and fines for organisations across the world.

Lawmakers are keen to provide safeguards and protection for the data-driven economy. Draft legislation is being worked on within the EU, and countries have their own laws too. Yet, it’s difficult for authorities to keep pace with the rapid advance of technology, as new challenges appear with each innovation. Crucially, it’s hard for lawmakers to strike the right balance between the right to privacy for individuals and how data enables the data society to respond dynamically to the needs and wishes of the very same citizens.

Many enterprises are establishing their own, far-reaching data protection programmes that span their business and include their ICT partners. While a complex data protection policy would be overkill for most SMEs, it’s crucial that they address data security in a way that’s legally-compliant, measured and practical.

Resellers should take the opportunity to become an invaluable resource for SMEs to ensure compliance. To do this, they need to be well-versed on the latest data protection legislation that might impact on their customers.

These include the EU Directive 95/46 that sets a minimum standard for protection of personal data across the EU. Some member states have adopted a stricter approach however, which resellers need to be aware of too and be ready to advise SMEs regarding specific local laws. There might also be international regulatory frameworks, which could impact SMEs. These include the Appropriate Tools Required to Intercept and Obstruct Terrorism Act 2001 (known as the USA Patriot Act) and the US-EU Safe Harbor agreement. The Patriot Act gives authority to US Federal law enforcement agencies to obtain and share information involving foreign intelligence or counter-intelligence. The US-EU Safe Harbor scheme provides a voluntary mechanism enabling US organisations to certify they will adhere to a set of data protection obligations similar to those found in EU law. These arrangements are regarded by the EU as offering adequate protection for personal information transferred to the US.

In addition to advising SMEs on the latest developments in the regional and local regulatory landscape, resellers should advise their customers to introduce policies for their employees to follow to ensure data is safe, and check that any technologies in use (e.g. collaboration platforms, document sharing tools, mobile devices, security software) support these policies. Furthermore, resellers should advise their customers to check that their ICT partners observe their wishes for how their data is processed through a written assurance or an audit.

As the volume of data generated by businesses continues to grow, ensuring regulatory compliance might seem like a minefield for SMEs with limited resources. There is an opportunity for resellers to become a source of insight and advice for SMEs and generate additional streams of revenue in the process. This article previously appeared on Channel Pro