It's National Identity Fraud Prevention Week (NIFPW), and hearing a story about this on the radio this morning gave me pause for thought about the growing requirement for printing companies in general to implement suitable data handling procedures.
A year or two back it seemed that hardly a day went by without a CD or laptop going missing that contained the personal details of thousands, or even millions, of people. Perhaps the outrage kicked up by this series of unforgivable lapses helped focus attention, because it seems such incidents are far rarer nowadays.
The one case that really sticks in my mind from among those many horror stories, though, involved the theft of a laptop containing the personal details of 26,000 Marks & Spencer employees. This is because the laptop in question was stolen from the printing company that was handling the production of employee communications for the retailer. M&S subsequently received a dressing down from the Information Commissioner's Office for not having suitable procedures in place to encrypt the data. It still makes me go hot and cold just thinking about the fallout that must have ensued.
NIFPW reports that a survey carried out on its behalf found that 64% of businesses had a proper policy on how to handle sensitive information, a figure it describes as "shocking". I like to think that among printing companies that figure would be a lot higher.
It's obvious that holding the ISO 27001 information security management standard is a de facto requirement for any firms involved in transactional/security print and for the big DM suppliers. But in a world where standard desktop tools allow the production of fairly sophisticated personalised documents, and where this information could end up being sent to any number of printing companies equipped with relatively inexpensive digital printing kit, it seems to me that printers who wouldn't previously have handled personal data could potentially find themselves exposed.
If this could be you, have a look at the NIFPW's website where a new guide is available including tips on how to keep corporate data safe. The Information Commissioner's Office website also has links to useful resources too.
