I have implemented information control for one-person organisations – because even a small organisation will have some need to share information with other people and organisations.
It is an essential step in any IT and Cyber Security Audit to examine who, has access to what information and what steps are in place to limit that access to only those that need it. If not, this can happen:
Redcar council worker ‘accessed child service data’ without approval – BBC News
Redcar and Cleveland Borough Council have featured on Smart Thinking before for poor cyber security.
Your infromation will be safe
Trust me – data protection act or not – if someone in our organisation deliberately accesses sensitive information they are not authorised to access, I will dismiss them. Ourclients can rely on this to know their infomration is secure and well looked after.
If you do not know how segregate and secure your infromation, then read this:
Clive Catton MSc (Cyber Security) – by-line and other articles