by Simon Clayton, chief ideas officer, RefTech.
Many events businesses keep event data on a USB memory stick or laptop because it’s easy to transport and access on site, but USB sticks are easily lost or stolen; a few years ago a UK school was fined £80,000 just for losing a USB stick containing a pupil’s personal data.
Encryption of data is not legally required and, in fact, many politicians with a feeble understanding of technology have humiliated themselves by calling for encryption to be banned. However, encryption is the foundation of a responsible data protection strategy. It is also increasingly expected as the standard required to meet the data security requirement of the Data Protection Act.
We strongly recommend encryption of all personal data regardless of whether it is stored on physical or virtual media. This must include data on laptops, CDs, cloud storage, and USB sticks; the data contained in email attachments; data stored on websites; and the data contained in backup files and archives. If you use USB memory sticks, consider buying the sort with built-in hardware encryption: they’re not expensive, and because you have to enter a code before the stick can be used, it’s automatically secure if lost.
If a data breach or theft occurred within your events business, unencrypted data could be available to anyone. This would greatly increase your legal and financial liabilities to those whose data was lost – as the ISP TalkTalk learned the hard way.
Encryption is a strategy and a business process, not a feature or an add-on. There are many factors to consider in creating your encryption strategy:
- What data will be encrypted;
- The kind of encryption you will use;
- How you will choose the right key size, algorithm, and software;
- What guidelines will be established, for example, mandatory encryption of all outgoing emails;
- How staff will be trained on the new standards; and
- Whether the industry- or sector-specific guidelines of the organisations you provide events for require specific or additional encryption standards.