Company encryption policies and data protection

Many companies have confidential data stored on their servers and some people in the company should not have access to them, so companies establish security policies among their employees to decide what data they can access. Some companies are spread internationally by all countries in the world and we must take into account that each country has its data protection laws so different strategies are needed to protect confidentiality data following the law.

Employees of companies are entitled to compensation in case their confidential personal information is unduly relieved, that is why they use file encryption solutions.

These solutions can often slow down the internal communication system since the files must be decrypted and encrypted each time they are consulted, so it is essential that managers and managers of the company decide which files are sensitive to increase security and prevent these files from going out to the public.

If it was to happen that a person’s information was inadvertently disclosed, then that person has the right to seek compensation. In April of 2011 hackers broke into Sony’s PlayStation online store.  Hackers were able to retrieve personal information such as names, addresses, dates of birth and credit card information.  This information could have been (and may have) sent to criminals to use for their own nefarious purposes.  Consequently, Sony was hit with a £250,000 fine after the Information Commissioners Office found that the company was guilty of allowing a ‘serious breach’ of the Data Protection Act for failing to use appropriate security software on its PlayStation Network.  This highlights the importance of companies to encrypt personal information that they hold, and the ramifications if they fail to do so.

Companies that conduct their business internationally must be aware of the different kinds of legislation of encryption laws in overseas countries.  For instance, some counties do not allow large encryption keys to be exported.  Therefore, this puts network administrators in a position in which they need to develop an encryption based solution which fits within the legal guidelines of the country that they are dealing with.  Consequently, company encryption policies must be developed to cater for their overseas ventures.