Companies in the U.K. are tasked with complying with the mandates covered under the Data Protection Act, a wide-reaching law that aims to hold companies and organizations that store personal data accountable for protecting it.
In a recent report for Supply Management, contributor Beverley Flynn offered numerous tips for companies to ensure they don't run afoul of the law.
For starters, it's important for companies to know exactly what type of information is covered under the law. According to Flynn, the DPA defines personal data as information that relates to a living individual who an be identified based on the stored data. Flynn advised that companies first determine if they are responsible for such data.
Flynn also gave advice for working with third-party vendors. Companies storing data, referred to as data controllers, should review their contracts with third-party vendors, called data processors, to ensure all DPA mandates are met.
While the United States doesn't have a similar blanket data security law – currently there are 47 laws in use by the states and the District of Columbia – certain mandates do call for the protection of personal information. For example, companies that store payment card data are tasked with meeting PCI compliance.