If you're not worried about it, you should be. Sanctions for non-compliance with data protection laws get much tougher this month. The Information Commissioner's Office can levy fines of up to £500k for serious data security breaches - eg, failure to ensure encryption of material stored on portable devices. It can also conduct audits on whether data processing complies with best practice and issue enforcement notices. Employers must have appropriate security systems in place and clear processes for keeping and sharing personal data, and consider such issues as staff reliability and when data can be taken offsite. Since breaches commonly result from employees' ignorance of their obligations, HR has a major role to play through training and awareness programmes. But effective compliance needs a multi-disciplinary approach - involving facilities, legal and IT departments too - ideally, overseen by a data protection 'champion' with the clout to drive initiatives through.
Michael Burd and James Davies, Lewis Silkin LLP solicitors