Most businesses use and store a large amount of personal and corporate data on customers, clients and various entities; otherwise, they wouldn't be able to trade. But under the law, they have a responsibility to look after that data in a certain way and ensure it's not used improperly or even stolen.
Business information, as it comes under the Data Protection Act, also relates to a company's employees. It includes such processes as recruiting staff and the information-collecting required and making sure staff records are secure, protected and not available for use for any purpose other than for which they are intended. The legal requirements also cover such activities as marketing products and services, and CCTV and the way it's used.
So what are the legal requirements for business data storage?
When a company is doing something that involves collecting personal information, they firstly have a responsibility to inform people what their company is and how they intend to use their data. The law says that when a company is storing this information, they must also tell people if they intend to share an individual’s data with other companies and organisations. Additionally, firms have to tell people that they can view their stored data and amend any incorrect information.
Businesses have to tell people that the data they're holding can be deleted at the person's request and that people can ask that their personal information is not used for various purposes — such as marketing, for example.
Companies are under a legal obligation to inform the Information Commissioner's Office about how they are using personal data and are bound to respond when a data protection request is made to identify any information held.
Failure to comply with the Data Protection Act can lead to fines of up to £500,000 or a prison term.