Steps To Protect Your Business From Security Breaches

Author: Giambrone Law ILP
Profession: Giambrone & Partners

HR and IT professionals must be even more vigilant in protecting data that comes into the possession of the business and take even more precautions to prevent accidental and deliberate breaches. The ongoing court case concerning Morrison's potential vicarious liability should make all businesses starkly aware of the position they could be placed in if they do not exercise robust procedures to avoid cyber breaches and malicious behaviour by disgruntled employees. In that case, a disaffected former employee copied the personal data of thousands of fellow employees and at a later date, after he had left the company, uploaded all the private information of his former colleagues to a file-sharing website where it was visible to all. Morrison's has been granted permission for a final appeal to the Supreme Court, as so far the courts have held Morrison's vicariously liable for the breach.

The HR professionals in any business must maintain the strictest controls on access to sensitive data, regardless of whether it is client data or staff data, and commission the drafting of employment contracts that set out in explicit terms how such information should be handled, including what should happen when a member of staff leaves the company. The consequences of a data breach deliberately or carelessly caused by an employee should be clearly itemised. In some instances there is a case for sending certain employees on immediate garden leave when they resign. Giambrone's employment law team are experts in drafting watertight employment law contracts and have expertise in various jurisdictions, enabling them to address cross-border contracts.

The IT professionals must act straight away to change passwords and revoke the ability to access sensitive data as soon as a member of staff leaves. However, the damage can already have been done, so procedures and processes must be set out for how data may be accessed, with the steps to access involving more than one person and clearly specified, justifiable reasons for accessing the information, which have to be noted down, timed and dated. Limiting the number of employees who need to...
