Keeping private data private has always been a huge priority for accountants, but a recent UK Supreme Court ruling has made it more important than ever.
In a landmark case against Google, it was decided that compensation must be paid out in the event of a security breach, even if the breach hasn't resulted in any financial loss for the client.
What was the ruling?
The 2015 Google Inc. v Vidal-Hall court case ruling has nothing to do with accounting, but it does have massive knock-on effects for any business that deals with sensitive data. The case was based on Google working around the privacy settings of Safari (the Apple iPhone browser) to share the claimant's search data with advertisers. No-one was claiming for financial loss, but rather for distress and anxiety.
The court ruled in the claimant's favour, ordering Google to pay compensation. This ruling both clarified and broadened the Data Protection Act, as it was previously thought that companies would only need to pay compensation if the data breach resulted in a financial loss.
How will it affect accountants?
John Warchus (of law firm Moore Blatch LLP) believes that this ruling could result in more litigation against accountants. He warns that "accountants should urgently review their data protection procedures and strengthen where necessary as more compensation claims are likely and the amount of damages awarded is also likely to increase."
Security breaches can happen in any industry, but in a field such as accounting – where professionals routinely handle highly sensitive, personal information – the risks, and potential consequences, are particularly serious.
How can I increase my level of protection?
Needless to say, having robust, up-to-date firewalls and anti-virus software installed on computers is essential. And, although it might be slightly onerous to continually install anti-virus software updates, it's important to keep up with these to stay protected against evolving threats.
Another smart measure is to keep on top of deleting and destroying old client files, purging folders fortnightly or monthly to minimise build-up. The Data Protection Act states that sensitive data shouldn't be kept for longer than absolutely necessary, and it's a rule that could help to minimise the impact of a breach.
The Association of Chartered Certified Accountants also emphasises that, even if accountants are using cloud platforms to store personal data, they can't transfer full responsibility to a third-party provider in the event of a breach. That's why it's crucial for accountants to go through a thorough due diligence process before selecting a provider, paying special attention to encryption security and the location of data centre servers. An up-front investment of time (and even paying slightly more for a more secure provider) could prove more cost-effective in the long run.