Cyber-attacks and criminal activity are one thing, but not all data breaches are of the same nature. Information security is a serious business now, especially in light of the new GDPR regulations that affect every European business, including a large section of health-related activities.
Great Ormond Street Hospital Children’s Charity was fined £11,000 by the Information Commissioner for failing to follow data protection rules. Between 2010 and 2016, the charity sent on average 795,000 records per month to a wealth screening company. In their report they state: “Some charities profile their donors based on their wealth. They hire companies to investigate income, property values, lifestyle, and even a person’s friendship circles in order to find the most wealthy and valuable donors. These companies also identify donors they believe charities should target because they are most likely to leave money in their wills – they call this legacy profiling.”
Between 2012 and 2015, Great Ormond Street Hospital Children’s Charity used this approach to match 103,500 email addresses to supporters, and match 208,000 dates of birth to supporters.
Under the new European General Data Protection Regulation (EU GDPR), which supersedes the European Data Protection Directive, such action is not permissible.
Unity Metrix Ltd helps businesses get their heads around the new law. Managing Director Vince Picton says: “This is just one organisation in a long list of British businesses that are simply ignoring the importance of the new directive. No matter what size your organisation is, you are now duty-bound to look after your data properly; and that can be complicated. No longer can you just share, manipulate or even HOLD data without express permission or legitimate need, but for the average business it is difficult to know what you can and can’t do, which is why they should take professional advice.”
So there you have it: if you are a business owner, however small, think about talking to the professionals before you get stung.