Peter Hartley is Key Account Manager for 3M Privacy Filters. He tells us why ISO27001 is so important for businesses and explains how 3M can help them become compliant, but first, we asked him about his experience and the areas he looks after.
Peter, What’s Your Background?
“I’ve worked in sales for over 30 years, at least 25 of which within the channel, across IT, telecoms, office equipment and stationery accessories. I joined 3M four years ago to look after privacy filters, working with both distribution and resellers. The focus is on building a close relationship with resellers to help understand how customers can benefit from 3M Privacy Filters, including compliance with the latest security compliance policies such as ISO27001. In addition, the team is helping end users (corporates and public sector organisations) become more aware of their data security requirements.
It’s really about education: teaching and training the marketplace around the latest legal and commercial requirements. Not only are resellers now actively selling new products into the customer base, but they are receiving more enquiries from informed end-users. Increasingly, data protection guidelines are being introduced internally to sit alongside legal security compliance policies and privacy filters have a beneficial role to play there.”
Why Should Companies Care About ISO27001 – What’s The Bottom Line And How Does Visual Privacy Fit In With That?
“Hefty fines are really highlighting the issue: the Information Commissioner’s Office [ICO] can issue fines of up to £500,000 for serious breaches of the Data Protection Act and Privacy and Electronic Communications Regulations. This means that many organisations are becoming more aware of financial fines they could potentially be exposed to, if they don’t ensure the security of on-screen data on laptops, monitors and mobile devices.
Information security standard ISO27001 covers a broad brief. While mainly centred around security of hardware data, including disk encryption and password strategy, there is a section on visual security, which is often overlooked – it states ‘Equipment shall be sited or protected to reduce the…opportunities for unauthorised access’. Either way, companies must make every reasonable effort to ensure the information their employees hold – either confidential or personal – is as secure as humanly possible. This applies equally to viewing onscreen data in open offices and mobile environments.
Importantly, it is easy for businesses and public sector organisations to comply with these visual security requirements. Fitting privacy filters is an immediate solution and inexpensive compared to the business process requirements typical of other security policies.”
Is Compliance With ISO27001 Simply About Meeting The Rules, Or Is There More To It?
“Becoming ISO27001 certified can be seen as a daunting prospect, but many businesses are just getting on with it, particularly as often it fits in with their own data protection guidelines. More recently the ISO standard has been updated to ISO27001:2013, which includes how third-party suppliers use your data. So, ensuring data is kept visually safe from company visitors and other clients has never been more important.”
Are There Particular Types Of Customer Who Benefit From Privacy Filters?
“For both large and small companies, protecting their valuable onscreen data makes good commercial sense. In many sectors, such as financial services, the fines and risk involved far outweigh any investment in filters. Some large companies will refresh thousands of laptops at once and specify privacy filters by default. In smaller organisations, not all workers may need such protection, just those working in open areas and mobile workers.
Either way, such protection gives confidence for staff to open their laptop and work – without the worry of data breaches. We’ve all seen team meetings and contract negotiations occurring in cafes and hotels – sitting around with open laptops that could show customer information or valuable commercial data available to unauthorised prying eyes. It comes down to providing peace of mind. When using privacy filters, in the unlikely event that you bent down to tie a shoelace, for example, and someone leaned over and looked at your screen, at least you could show that you made every reasonable effort to comply with current guidelines.”
Peter, What Final Message Would You Like To Leave With Readers?
“Protecting onscreen data is critical for any environment where confidential information offers a tempting distraction for inquisitive eyes. Not just on planes or coffee shops, but everything from visitors to customer service operations, to retail outlets and hospitals. Meeting the requirements of ISO27001 is important not just for peace of mind, but to avoid the risk and substantial penalties.”