What is sensitive data and what steps can be taken to keep it secure?
We now live in a world where virtually every aspect of life is captured and stored in some digital form. On a daily basis we engage online with family and friends or with colleagues and organisations. In doing so we volunteer personal details such as names, passwords, emails and location details, sometimes without realising it. This sensitive data is continuously being collected, and even physical characteristics such as race, gender and age can be recorded. We are forced to share data to prove our identity without really knowing how our data is kept safe or even where it is held. As the risk of ID theft and fraud increases, so does the responsibility to keep sensitive data secure.
There are steps individuals can take to keep personal data safe, such as using stronger passwords, avoiding public Wi-Fi, and installing and updating antivirus software. However, the pace at which technology changes means that organisations need to respond and adapt quickly. Regulations have been put in place to ensure organisations take the necessary steps to keep data secure.
The Payment Card Industry Data Security Standard (PCI DSS) was set up to help organisations process card payments securely and reduce card fraud. It has 12 PCI compliant requirements that meet a variety of security goals. However, Bonafidee questions why these policies don’t exist for all sectors. Bonafidee believes these strong regulations should be relevant to all organisations and to the protection of all data, not just data connected to the financial sector. Every piece of sensitive data needs to be protected no matter why it is held.
With GDPR imminent, organisations will be forced to be more transparent about the sensitive data they hold, and individuals will have more control over how their data is used. To be GDPR compliant, organisations are required to document how they process personal data, along with what data protection policies they have in place. Responsibility is high, and where and how an organisation’s data is stored needs to be carefully considered. The rising use of cloud-based systems to store sensitive data could be putting individuals’ data at risk. The question to ask is: when moving to a cloud-based storage system, how can you ensure that any information you store online stays secure? Once data is uploaded into the cloud, organisations have no control over who shares the same infrastructure, putting data at risk. It is for this reason that Bonafidee chooses to store its customers’ data on dedicated private servers.
Francis Lang, Chief Technology Officer at Bonafidee, says: “Bonafidee takes the protection of its customers’ data very seriously and has stringent policies and procedures in place. Under GDPR’s ‘right to be forgotten’ Bonafidee will not only keep its customers’ data safe but will delete it if instructed to, giving our customers full control of their data. All data is stored within our own managed dedicated infrastructure in IL3/4 rated data centres in the UK. This decision not only allows us to know where exactly geographically our data is but who has access to it. This is an advantage over a cloud-based environment as Bonafidee has complete control and visibility over all aspects of our secure data environment. We take these precautions to ensure that Bonafidee can offer our clients greater protection for their data and will hold onto it as long as our customers want us to.”