
Risk Matters 2

Cyber Insurance

Cyber liability/Data protection:
the importance of breach of data and the potential impact

This newsletter looks at the key issues faced by Optometry Wales members in relation to the holding and protection of data.

The Data Protection Act 1998 & Information Commissioner’s Office

In-depth information on the Data Protection Act can be reviewed here:

https://www.gov.uk/data-protection/the-data-protection-act

In simple terms, it outlines the duties of anyone who holds sensitive data, and gives powers to the Information Commissioner's Office (ICO), whose interest is to 'uphold information rights in the public interest'.

More information on the ICO can be found here:

https://ico.org.uk

What do you need to do?

Register with the ICO as a 'Data Controller'.

Understand your responsibilities as a Data Controller.

The key focus is the data protection principles. Any data held must be:

  • Used fairly and lawfully
  • Used for limited, specifically stated purposes
  • Used in a way that is adequate, relevant and not excessive
  • Accurate
  • Kept for no longer than is absolutely necessary
  • Handled according to people’s data protection rights
  • Kept safe and secure
  • Not transferred outside the UK without adequate protection

More information can be found here:

https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/

What do you need to do if you have a data breach?

You must notify the Information Commissioner of any personal data breaches within 24 hours of becoming aware of the essential facts of the breach. This notification must include at least:

  • Your name and contact details
  • The date and time of the breach (or an estimate)
  • The date and time you detected it
  • Basic information about the type of breach
  • Basic information about the personal data concerned

The ICO will then investigate the breach and decide whether any fines, penalties or rectification action is required. Rectification can be time-consuming and financially challenging: the ICO may require you to advise all affected individuals that their personal data has been breached, and may even enforce credit monitoring services, for a period of time, for everyone whose records were breached. We have seen estimates of the cost of rectifying a data breach of £50-£75 per record.

Some example enforcement actions taken by the ICO can be found here:

https://ico.org.uk/action-weve-taken/enforcement/

Insurance and Risk Management

As borne out by the recent survey, few members of Optometry Wales currently insure against breach of data and the consequent costs, which can be substantial in terms of penalties and rectification costs. Furthermore, it is apparent that many are not registered with the ICO.


We have partnered up with Proficient Systems Limited to offer a free IT Security Audit to all Optometry Wales members.


Further Help and assistance

Optometry Wales Insurance Services is happy to discuss all the issues raised in this Newsletter with any member. Please do not hesitate to contact us should you wish to discuss any aspect in more detail.