D: Some security ultimately cheaper than none

New freeware packages are also helping small businesses comply with data protection regulations.

With the latest amendment to the German Federal Data Protection Act (BDSG) that came into force on September 01, 2009, the requirements that must be observed and implemented with regard to data protection have also been significantly tightened up for small businesses. In accordance with §42a of the BDSG, companies are now obliged to inform the relevant authorities whenever they establish that any data stored with them has gone missing or has been unlawfully provided to third parties, whereby no distinction is made between data that has been lost, stolen, or unlawfully passed on to third parties. Although this obligation to provide information relates solely to the loss of "sensitive data", such as bank or credit card data, health data, and inventory, usage, and billing data within the meaning of the German Telemedia Act (TMG), it also applies to data subject to professional secrecy and data relating to criminal offenses, administrative offenses, and suspicions of such offenses.

The new amendment states that the company concerned must take immediate action in the event of a serious threat to the protection of the rights or interests of the persons concerned, that is, in the event of anticipated social damage to the persons concerned. In such cases, the company must inform both the regulatory authority and the persons concerned, if necessary by placing a notice, of at least half a page, in at least two German national daily newspapers. Companies that do not fulfill their obligations either at all, correctly, in full, or on a timely basis shall be deemed to have committed an administrative offense and must thus pay a fine of up to €300,000, in accordance with §§ 43, Para. 2 No. 7, Para. 3 of the BDSG.

There are virtually no organizations that do not accrue and automatically process such data in one form or another. For this reason, small businesses should also think about what they can do to protect data stored with them from being lost or accessed by third parties without authorization. Aimed at freelancers and smaller companies that are financially not able to invest in expensive solutions, two innovative solutions were released as freeware at the end of September 2009:

1.The solution Microsoft Security Essentials (MSE) can be downloaded for free from Microsoft's website. MSE is in particular aimed at companies and individuals who, for financial reasons, have previously not installed any software to protect their PCs against viruses, Trojans, and rootkits. Initial test reports have confirmed that MSE offers good performance and a high detection rate.

2. Sophos offers a free data encryption tool for private users, freelancers, and small businesses. "Sophos Free Encryption", based on the well-known "Safeguard Easy" solution, can be integrated into the context menu in Windows Explorer and in standard e-mail clients such as Microsoft Outlook and Lotus Notes. The tool is compatible with Windows 7, Windows Vista, Windows XP, and Windows 2000.

As both of the above software solutions are completely new to the market, no reliable test reports are currently available from independent third parties. But before small businesses rule out using an encryption solution and virus protection software for financial reasons, they should consider using the two freeware solutions mentioned above- it won't cost them a cent but could ultimately save them a fortune.