Email: an open invitation to hackers
Advisers are taking risks by not using a secure service when sending sensitive financial information over the internet, says Alison Jackson, sales director, Linden House.
Data Protection law is tough – and set to get tougher still in the next two years. The Information Commissioner’s Office (ICO) has already said that sensitive personal data should not be transmitted by email across the Internet unless encrypted to current standards – so it is essential to adopt a more secure process. “Protection cannot be left to chance and it is no longer enough to do only the bare minimum necessary to comply with the law: proper safeguards have to be built in from the first principles, not bolted on inadequately as an afterthought,” the ICO states in its recommendations.
New EU rules
Financial advisers handle sensitive personal information for their clients on a daily basis and are legally obliged to protect their clients’ data in accordance with the Data Protection Act. Additional new EU rules are likely to be introduced in 2014 and although it is not yet known whether these will be in the form of a regulation or a directive or both, the prognosis is for tougher sanctions with fines of up to 2% of turnover. Likely changes could include:
• Broader definition of personal data
• Explicit consent
• Right to be forgotten
• Notification of breaches
• Tougher sanctions – possibly up to 2% of global turnover.
This could have a significant impact on firms that do not abide by the rules. So what should advisers be doing to ensure their electronic communication is secure?
One option is not to use email at all and instead to use a secure portal for document exchange that encrypts every item of data going back and forth to the highest levels as used by the government and banks. Not only is the data encrypted during transmission, all files and data are also encrypted in storage in the cloud, making it impossible for hackers to penetrate. The document portal acts as a mechanism for secure document storage, sharing, distribution and workflow between companies and individuals. Users are able to publish documents to an individual, notifying them via an email address. The document is securely uploaded to a hosted environment and an email notification is sent to the client advising them that there is a document for their attention. Users can approve and change the status of portal documents as well as respond to them. This rapidly becomes second nature, allowing digital/electronic signatures to provide a seamless end-to-end sign-off process.
Serious about security
The streamlining and the securing of client communication cannot be left to chance. The Data Protection Act states that ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’. While the law doesn’t say emailing is legal or illegal, if something goes wrong and the latest advice from the ICO has not been complied with, the adviser is more likely to be found to be at fault.
Use of a portal demonstrates that security is being taken seriously and ensures a secure end-to-end automated document delivery process that enables the legally admissible digital sign-off of documents.
To find out more go to: www.lindenhouse.co.uk