Public Affairs Director, Experian International
(+44) (0) 115 934 4548 Tel
Experian welcomes European Data Protection Day
But maintains that Data Protection is a 365 day a year priority for organisations and individuals
Nottingham, UK, As the Council of Europe celebrates European Data Protection Day on Monday, 28 January 2008, Experian®, the global information services company, argues that commercial success needs consumer confidence and that data protection is fundamental to achieving and maintaining consumer confidence. Therefore, data protection must be a priority of all organisations, whether in the public or private sectors, every day of the year.
European Data Protection Day was first introduced by the Council of Europe in 2007 to raise the issue of the protection of privacy in the European Union, to encourage European citizens to become more aware of personal data protection and of what their rights and responsibilities are in that regard.
“Data protection is just good business practice,” says Mike Bradford, Director of Data Protection & Regulatory Compliance at Experian. “Achieving the trust of consumers that their data is held by organisations safely and used in compliance with legislation is fundamental to organisations’ continued ability to function with the consent of their customers and the wider community – it should be built into the culture of every organisation that holds, processes and uses individuals’ data.
“Successful organisations can achieve market differentiation through their approach to data protection, by going further than just complying with the letter of the law and adopting a best practice approach by establishing minimum standards for total compliance and going beyond these, identifying areas where making extra investment will deliver additional benefit.”
Bradford also argues that data protection is not all one way; individuals also have a responsibility to handle their own data properly and keep their personal data safe to avoid becoming victims of identity fraud. As well as the usual advice, such as shredding documents such as bank statements and credit card slips containing personal information, keeping such documents under lock and key and installing robust security software on their home computers if they transact online, he says they should also proactively monitor their credit report for any signs that their identity might have been taken over and credit been applied for or taken out fraudulently in their name.
“Monitoring your credit report with an online monitoring service such as CreditExpert, and reacting quickly to any alerts of changes in your credit report, is a sensible way to ensure your own data protection,” says Bradford.
EXPERIAN’S ADVICE TO ORGANISATIONS TO BE DATA PROTECTION COMPLIANT
Put in place a clearly defined Data Protection policy and assign specific responsibility at a senior level for implementing and monitoring this policy
Staff awareness and training at an individual level is key to fulfilling corporate responsibilities.
Involve Internal Audit as part of an ongoing compliance monitoring regime.
Watch for relevant Codes of Practice and Guidance Notes and regularly check the Commissioner’s website.
Make notification and consent wording clear and transparent. Ensure wording is sufficient to cover both current and possible future processing, but make it understandable and avoid small print. Put yourself in the reader’s shoes.
Adopt a layered approach to notifications and use the Commissioner’s Information padlock by way of a signpost to help with transparency and draw attention to what the customer needs to know.
Good housekeeping should start at home with robust controls around employee records.
Review responses to data Subject Access Requests and ensure these comply. Can a request be turned around with the 40 days allowed?
Review data retention policies to ensure there is no processing of inaccurate or decayed data.
Look at technical, security and organisational measures for protecting data, and any arrangements and contracts with third parties. Are these adequate?
Does data more outside EEA countries? If so, has the data subject consented to this or can another Eighth Principle condition apply?
Have all areas of processing been identified? Is there a need to notify the Commissioner’s office of any new processing? We are seeing more and more prosecutions for failure to notify – often by professional firms and partnerships.
EXPERIAN’S TOP 10 TIPS ON HOW YOU CAN AVOID BECOMING A VICTIM OF IDENTITY THEFT
Take care of your personal information by keeping any documents containing personal information, including transaction slips and proofs of identity, secure.
Never throw away whole receipts, bank statements, utility bills or other documents that can be used by a fraudster to assume your identity. Your rubbish bin is a target for fraudsters. Always thoroughly destroy personal information before throwing it away, preferably by using a personal shredder.
Check your receipts against your card and bank statements carefully. If you find an unfamiliar transaction, contact your card issuer or bank immediately. If you bank online, use this facility to keep a constant eye on any transactions occurring on your accounts.
Monitor the information on your credit report. The fact that it takes most people nearly a year and a half to discover they are victims of identity fraud vividly demonstrates that most of us make life far too easy for the criminals. People who regularly monitor their credit reports typically spot if someone is attempting identity fraud in their name within a matter of weeks.
Never disclose personal or financial details to anyone ‘cold-calling’, even if they claim to be from your bank, the police or another official organisation. It’s always a good idea to phone them back on the number you have for them, not the one they may give you.
Use different passwords for different accounts. If a fraudster accesses one, they are less likely to be able to access all accounts.
If you have documents stolen, there is a strong chance these will be used to commit fraud in your name. If this does happen, Experian can help prevent a repetition by adding security features to your credit report. If a fraudster opens an account in your name, this will show up on your credit report and you can ask Experian to help you liaise with the lender/s involved and make sure you’re not affected by the fraud.
If you move home, redirect your post from day one. The new occupants may at best just throw letters in the bin instead of forwarding to your new address; at worst, they might use the information to steal your identity.
Only provide personal information and credit card details on secure sites displaying bone fide logos of secure payment systems, such as Verisign or Worldpay.
Try to keep your personal information in different places around the house so a thief will find it more difficult to obtain complete information. Keep as much as possible locked up.
The word 'Experian' is a registered trademark in the EU and other countries and is owned by Experian Ltd and/or its associated companies.