The ICO – helping you keep your client data safe

August 9th, 2012 .
Authored by Alan Thomas .
3 min read
Person Working at Computer

Do you know about the Information Commissioner’s Office (external link) (ICO)? It’s possible that you don’t, but if you run a small company that does business over the Internet then you really should because it’s the data privacy watchdog and it can punish your firm if you’re not playing by the rules. It can fine organisations up to £500,000 – so there’s a powerful incentive to find out what it says and does.

Did you know, for example, that if your firm holds and processes certain types of personal data, you might need to register with the Information Commissioner? To find out whether your business must notify the ICO of what data you store and for what purposes you use it, check on its website.

The ICO’s job, in a nutshell, is to safeguard the use of personal data by businesses. It sets standards and establishes best practices for how organisations of all types and sizes use and store our private information. It has already shown its teeth with heavy fines against government departments, NHS trusts and private companies.

The important point to bear in mind is that the ICO can punish you if you haven’t taken the proper steps to protect your client data properly. It can fine you if you haven’t stored that information securely, not just if a problem occurs and you lose it.

But don’t think that the ICO’s role is just to come down like a ton of bricks on hard-pressed small businesses if they make a mistake. It’s there to help SMEs understand their obligations regarding the data they collect.

The ICO took a very common sense and pragmatic approach to the introduction of new EU data privacy laws last year. It gave British businesses a year to incorporate new cookie consent features on their websites to comply with the new legislation, and the guidance it issued on that to firms was, in my opinion, really first class.

Data privacy is an issue that smaller firms need to be very aware of, but most are unlikely to have the resources to comb through the relevant legislation and to understand the effects on how they run their business. So it’s well worth adding the ICO website to your 'favourites' list, because the information it puts on there for small businesses is easy to understand, it’s relevant and it’s helpful.

There’s a good document on its site, which offers a brief guide to small businesses’ obligations under the Data Protection Act. There’s also a checklist for SMEs to help them comply with the law. Download them and read them both carefully – it could save you a lot of hassle in future.

Your business banker can also provide you with invaluable tips on how to securely store clients’ payment card information.

At Hiscox, we want to help your small business thrive. Our blog has many articles you may find relevant and useful as your business grows. But these articles aren’t professional advice. So, to find out more on a subject we cover here, please seek professional assistance.

Alan Thomas

Alan Thomas is a small business expert at Hiscox, advising technology and media SMEs. He says: “Entrepreneurs fascinate me because they bring ideas to life. I work with them every day so I hear a lot about the challenges they face and I want to share that knowledge to help other SMEs succeed.”