Reader Reaction: How do you ensure the security of your customers' data?

After the ICO was awarded the power to impose 500k fines, we ask how you keep data safe


Jonathon Britton, products and business information manager, FPB
When it comes to data security for clients, a lot of it is common sense. Printers should have different classifications for the data they hold. Some information will already be in the public domain, but some will not. Everyone knows that financial information is highly sensitive, but not everyone appreciates that HR-related information is too. Commercially-sensitive information like trade secrets and internal reports needs to be treated with similar caution. I would advise adhering to ISO 27001. It’s a lot for a smaller business to take on board, but printers are generally used to dealing with extensive regulation.

Alastair Smith, sales director, Nemc
Data is coming up the agenda as far as our clients are concerned and we have been investing in data protection to meet this trend. We are currently applying for ISO 27001 accreditation, which we expect to gain in the first quarter of next year. The public perception of data issues changed within a couple of months and everyone had to look at their processes and procedures. We were already operating to industry standards, having invested in PCP encryption software and password protection and ensured limited access to data. We conform to DMA data compliance standards and have an annual review that looks at how we keep data.

Matt Bird, managing director, Etrinsic
All data transfer to and from Etrinsic occurs via our SFTP (Secure File Transfer Protocol) system, which automatically ensures 256kb encryption of any data sent or received. Two levels of secure swipe entry are required to gain access to our data management area, with all data held on secure standalone PCs, each of which requires secure login and password entry. As a standard, all data is held for a fixed period before being deleted and any proofing of live data occurs via SFTP. The level of security with regard to data use, storage, deletion and proofing is then replicated by all of our chosen partners as a condition of trading with Etrinsic.

Mark Cornford, managing director, Integrity Print
Our security arrangements are continually reviewed and we operate in an ISO 27001-accredited environment. We strongly encourage clients to exchange data with us via our secure FTPS site, where access is strictly controlled and sessions are authenticated, encrypted and logged. To eliminate manual intervention, an automated process immediately moves each file to a client-specific folder on our network with access rights that are restricted on a strict need-to-know basis. Client and production data may only be held on our servers, so there is no risk of data leakage. We encourage clients to audit our security systems.