Information has value for a number of reasons, and it is important to secure information. Doing this the right way should be one of your top priorities. If you don’t secure it the right way, you risk infringing the rights of your customers and business partners, violating information security laws (including data protection laws), and causing your organisation financial loss and reputational damage from the fallout of those data breaches.
Do you comply with Information Security Laws when you secure information?
Consider this example for a moment:
You safeguard your organisation’s property (vehicles, computers, LCD screens, the office kitchen’s appliances, etc.) by appointing security personnel, installing CCTV cameras and putting up electric fencing around the building. Your reason is that this property has value. Losing it and having to replace it will affect your organisation’s bottom line. But what about the contents of electronic files, removable USB drives, hard drives, servers, cloud accounts, or any other place where you store your organisation’s information? Have you truly considered what losses your organisation may suffer if an intruder should access that information? Sure, you may have secured it in a technical manner – but have you secured it from the human element within your organisation? Is the information in those different places valuable to your organisation?
Apart from the purely financial losses you may suffer, there are also the legal consequences of information security laws such as:
- umbrella data protection laws – the GDPR in the EU, for example, DPA in the UK, and even POPIA in South Africa; and
- industry specific information security laws – such as those in the healthcare, financial services, and education sectors.
There are also information security standards (such as ISO/IEC 27001:2005, COBIT 5, and ITIL), and obligations – in terms of Non-Disclosure Agreements, for example – where you must secure information and keep it confidential, irrespective of whether that information is personal information or not.
Which of these obligations is your organisation subject to? Have you taken steps to assess the value of your information, and to guard against the risks of not complying with information security laws?
Actions you can take
- Assess your current level of information security and what you still need to do to comply by completing our Online Information Security Assessment.
- Create a plan of action for protecting information and information systems from unauthorized access in your organisation by getting an Information Security Policy.
- Receive online group training on information security law by joining our Data Protection and Information Security Webinar.
- Participate in an insightful face-to-face meeting, seminar, or discussion group on information security law by attending our Data Protection and Information Security Workshop.
- Find out how technically good your information security measures are by asking us to conduct an Information Security Audit.