Charities need to be aware of the risk of significant fines of up to £500,000 which can be issued by the Information Commissioner’s Office (ICO). Credit card numbers, bank account details, names and addresses, national insurance numbers and dates of birth are some of the key ‘ingredients’ for identity theft; hence the stringent fines for failure to comply with the Data Protection Act.
Charity fines totalling £270,000
In the last few years the British Pregnancy Advice Service and Norwood Ravenswood have been fined £200,000 and £70,000 for not taking care of personal data, respectively. In addition, the ICO has issued enforcement notices to Asperger’s Children & Carers Together and Wheelbase Motor Project who both lost unencrypted hard drives. The notices required the charities to implement encryption and other security measures. Breaches like this can be very disruptive, take up a lot of management time and cause damage to reputations.
Cyber security measures your charity should implement
Best practice is for charities to do at least the following 3 things:
1. Encrypt laptops and portable hard drives
2. Provide cyber security training and assessments of understanding to all staff
3. Implement an Information Security Management System (ISMS). An ISMS defines roles and responsibilities and helps identify and mitigate risk.
Hawsons have a proven solution
Hawsons can help with all aspects of cyber security including advice on encryption, staff training and the provision of an ISMS which is used by over 70 charities.
More from our charity experts
You can find all of our latest charity sector news and newsletters here.
If you are looking for advice in a particular area, please get in touch with your usual Hawsons contact.
Alternatively, we offer all new clients a free initial meeting to have a discussion about their own personal circumstances – find out more or book your free initial meeting here. We have offices in Sheffield, Doncaster and Northampton.