What is confidential information and how does it affect your finances?
07.09.2020
Many people are unaware of the damage that a loss of confidential data might cause to a business and to them personally.
There is an instructive example which shows that there is many a slip ‘twixt cup and lip.
The story took place in Britain, when the Top Gear presenter Jeremy Clarkson wrote in his column in the Sunday Times that the mass identity theft scandal of lost CDs containing the banking details of 7 million families was media hype out of thin air.
"I have never known such a palaver about nothing. The fact is we happily hand over cheques to all sorts of unsavoury people all day long without a moment's thought. We have nothing to fear."
To substantiate his point he also printed his bank, car and address details. Clarkson intended to show that his money would be safe.
The funny thing is that right after his column had been printed he opened his bank statement to find his details were used to set up a £500 direct debit to the British Diabetic Association.
He commented that the bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.
"I was wrong and I have been punished for my mistake," he wrote in his subsequent column.
So, let us delve into the topic and answer some frequently asked questions.
What is confidential information?
Confidential information is information, including personal data, whose loss might cause financial damage, or data one does not want to make public. It also encompasses trade secrets, customer-related data and product development data.
To be precise, confidential data includes:
Marketing and fundraising data
• postal addresses
• phone number
• email addresses
• job title and organization
• details of donations made by the data subject or the organization which they work for
Financial data such as
• tax codes and bank account details
• insurance details and details of next of kin
• personal details: address, phone numbers, passport details
• information gathered via the recruitment process, such as that entered into or included in a CV, references from former employers, and details of your education and employment history
• National Insurance numbers, bank account details and tax codes
• pension and insurance details
• medical or health information
• information relating to your employment: job title and job descriptions, salary, terms and conditions of employment, formal and informal proceedings such as letters of concern, disciplinary and grievance proceedings, annual leave records, appraisal and performance information, internal and external training modules undertaken; expenses paid during travel or other circumstances; benefits claimed including gym membership and dental insurance.
The SearchInform DCAP solution helps to mitigate the insider risk posed by disgruntled or money-grubbing employees. It is one hundred percent compatible with GDPR, HIPAA and PCI DSS regulations. A business revolves around valuable sensitive data, and it is a high priority for an enterprise to make every possible effort to keep that data safe.
Incident display screen
How sensitive is the information?
Protection of confidential data should start with identifying what information is de facto confidential. Every piece of business information must be correctly tagged, so that everyone who works with it is aware of its sensitivity level.
It is possible to distinguish between four types of information: public, internal, confidential and restricted.
Public information can be freely shared. Internal information is potentially sensitive and needs special handling. Confidential information might affect employees or the business in a negative way if disclosed (e.g. business plans, manufacturing techniques, know-how), so it should not be disclosed to unauthorized parties. Restricted information is information we have a regulatory or legal obligation to maintain and protect (e.g. trade secrets, intellectual property). In fact, once revealed, trade secrets are prone to losing their value.
Every company must be extremely cautious with its data. SearchInform advises controlling external communications across all forms of media.
SearchInform Risk Monitor neutralizes the human factor and protects a company from all types of fraud and internal incidents.
When using the firm’s electronic communications system, an employee must not disclose any confidential data of the company. Sharing sensitive, confidential or restricted information in public areas or in social conversation should be prohibited, and every member of staff must be on the alert.
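The four sensitivity levels above can be enforced mechanically on outgoing e-mail. The following is an added example, not SearchInform's code: the company domain `example.com`, the `Attachment` type and the policy itself (only public data may leave the company domain, and untagged files are treated as restricted) are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """The four sensitivity levels named in the article, least to most sensitive."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


COMPANY_DOMAIN = "example.com"  # assumption: placeholder internal mail domain


@dataclass
class Attachment:
    name: str
    label: Optional[str]  # sensitivity tag stored with the file; None = untagged


def parse_label(label):
    """Map a tag to a Level; untagged or unknown tags fail closed as RESTRICTED."""
    try:
        return Level[label.strip().upper()]
    except (AttributeError, KeyError):
        return Level.RESTRICTED


def is_external(address):
    # An address with no "@" never matches the company domain, so it counts as external.
    return address.rsplit("@", 1)[-1].lower() != COMPANY_DOMAIN


def check_outbound(recipients, attachments):
    """Return (allowed, reasons). Assumed policy: only PUBLIC data may leave the
    company domain; access control between internal recipients is out of scope."""
    external = [r for r in recipients if is_external(r)]
    reasons = []
    for att in attachments if external else []:
        level = parse_label(att.label)
        if level > Level.PUBLIC:
            tag = att.label or "untagged"
            reasons.append(f"{att.name} ({tag} -> {level.name}) to {', '.join(external)}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample message: one partner recipient, one untagged file.
    files = [Attachment("brochure.pdf", "public"), Attachment("notes.txt", None)]
    print(check_outbound(["bob@partner.test"], files))
```

Treating a missing tag as the highest level means an untagged file is stopped until someone classifies it, rather than slipping out by default.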
To substantiate the point: the EU's General Data Protection Regulation, widely known as GDPR, requires all enterprises doing business within the European Union to protect personal data. This is relevant to all types of electronic communications, such as e-mail messaging and forms used in electronic services.
What can a breach of sensitive data lead to?
Any leakage of sensitive data might damage the company’s reputation, which in turn may jeopardize the company’s partner relationships and cause a loss of income. If that is not enough, an info-leak can lead to legal or criminal liability.
On the matter of losing money, we should also point out that various data protection authorities can impose penalties on a company if personal data is not processed in a secure way. Modern legislation requires organizations to share, store and dispose of data in a secure way, so that business-related data is kept secret.
So, we have come to the most important question of this article:
How to ensure the security of confidential data throughout the company?
If you want to make sure your company operates appropriately and sensitive data is safe and secure, apply an approach which:
• ensures compliance with personal data protection regulations (PCI DSS, Basel, HIPAA and full GDPR compliance support)
• guarantees personal data privacy, confidentiality and responsible use of customer nonpublic information and PHI (Protected Health Information)
• controls access rights differentiation and delimits roles of users authorized to work with particular data
• shapes behavior of users accessing and processing personal data and detects any discrepancy or deviation
• manages and examines newly created and current accounts in order to discover identity theft as early as possible
• ensures data privacy, excludes risks concerning legal issues during personal data collection, analysis and storage
SearchInform FileAuditor is a DCAP (Data-Centric Audit and Protection) solution that was developed for automated file system audit, search for access violations and monitoring of changes in critical data. Read more about setting up access to company files.
The reasonable solution for a business is to invest in cyber security software, which helps to neutralize the human factor and protect a company from all types of fraud and internal incidents.