Ely, England, 16 June 2011 – IT Governance (ITG), the one-stop shop for compliance and information security expertise, is taking the pain out of complying with the Data Protection Act (DPA) with a new e-learning course, designed to minimise the risk of untrained staff making very expensive mistakes.
ITG has drawn on the company’s years of DPA awareness training to provide a comprehensive and accessible online e-learning Data Protection Awareness course, aimed at informing the staff of UK organisations about the Act’s requirements and enforcement by the Information Commissioner’s Office (ICO).
Alan Calder, Chief Executive of ITG, says: ‘The many media reports of data breaches and cyberattacks this year have demonstrated why private information must be better protected. This month, for example, the ICO issued Surrey County Council with a £120,000 penalty after e-mails containing sensitive information were sent to the wrong recipients on three separate occasions by staff members. Similarly unacceptable, but in an overtly criminal vein, two former T-Mobile employees have been fined a total of £73,700 this month, after stealing and selling customer data. All staff need to be aware of the requirements of the DPA, the risks of non-compliance (whether unintentional or criminal) and educated and trained accordingly.
‘Incident after incident indicates one of the weakest links in DPA compliance is staff. Employees who do not understand their responsibilities can make errors that will cost their organisations very substantially indeed. The maximum penalty for a serious contravention of the DPA is a £500,000 fine, imposed by the ICO. Any company or organisation failing to take responsible measures to comply will be in the firing line. There could even be prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation.
‘Consistent and systematic staff training, and consequent up-to-date awareness, about the requirements of the DPA is essential if organisations want to protect themselves. Each member of the team must understand their own responsibilities, and how those responsibilities fit into their organisation’s overall drive to comply with the DPA. The best way to achieve these objectives is through e-learning, and our new course offers the simplest, quickest and most economical means possible for an employee to learn how to comply with the DPA.’
Staff can conveniently take the DPA course at their desks or, indeed, from the comfort of home. Having completed the 30-minute course, staff members take a 20-question test, after which a printable certificate is awarded.
Calder continues: ‘E-learning brings many user benefits, but in the current economic climate, the course’s cost savings compared to conventional face-to-face training methods are particularly important. There is no need to pay for an instructor, or to hire a meeting room. Furthermore, the travel, accommodation and subsistence costs associated with sending staff to off-site training do not apply. And, by minimising the time staff spend away from their desks when training, e-learning brings a business direct efficiency gains.
‘Another benefit of e-learning is that the process automatically retains records of which staff have completed the course, so employers can easily monitor the compliance status of the company and see hard evidence of each employee’s level of understanding.’
ITG’s e-learning course is designed to teach staff core information about the DPA, including who is responsible for protecting data in a company, the Act’s eight data protection principles, the individual’s six data protection rights as defined in the Act and staff’s day-to-day role in protecting personal information.
Calder continues: ‘The eight principles of the Act outline relevant information for all staff with access to personal data, including how such information should be processed and for how long that information should be kept. It is also important for staff to be aware of an individual’s six data protection rights, such as the right to claim compensation in damages if the Act is breached. With this knowledge, staff will be better prepared to implement and comply fully with the Act.’
ITG’s new e-learning course for DPA Staff Awareness is on sale now at: www.itgovernance.co.uk/products/3392, priced at £20 per user throughout June, and £45 (US$74.37/€51.70) per user thereafter. Discounted prices are available for companies wishing to train 15 or more staff.
Calder says: ‘When strengthening the weakest link in DPA compliance costs as little as £20 per employee, why would any company risk fines of up to £500,000?’
Furthermore, for a company needing to train 51 or more members of staff, the course can be customised. Any business buying this customised package will be able to include the firm’s own policies, procedures and in-house ‘look and feel’ into the e-learning course, as well as any relevant, company-specific information. The flexible pricing model ensures companies can add or remove users, in line with staff changes, without incurring additional fees. ITG can also train clients in how best to administer the customised course.
ITG’s e-learning course is just one part of the company’s expanding range of DPA compliance support products, including the Complete DPA Toolkit, which contains a DPA compliance assessment tool, pocket guides and data protection awareness posters. The Toolkit is available for £249 (US$411.51/€268.10).
Complementing these products, ITG offers a DPA consultancy service to provide a rapid and clear analysis of a company’s compliance status. ITG’s consultants can help to create and implement a remedial plan and propose the necessary steps to ensure a company remains compliant.
The DPA course is the fifth offering in the IT Governance e-learning series. The other courses are: Payment Card Industry Data Security Standard (PCI DSS) Staff Awareness Edition, PCI DSS Technical Edition, Information Security Staff Awareness and Information Security and ISO27001 Staff Awareness.