The spotlight in data protection usually falls on cyber attacks and other electronic data breaches. But it’s important to remember that physical data held within an organisation is also vulnerable.
In its 2016/2017 annual report, the Information Commission (the ICO) acknowledged that cyber incidents were on the rise. But the most common data breaches reported to the ICO still arose from the following types of incident:
The Information Commissioner says that when her office investigates these incidents, an organisation will usually blame human error. But the mistake of one individual will rarely be the underlying reason for a breach. Instead, the human error will usually be the last link in the chain that has led to the breach.
Ultimately the responsibility for data security lies with an organisation and its data controllers. So rather than focusing on an individual’s mistake, the ICO will look for evidence of mechanisms in place within the company that should have prevented the breach ever occurring.
At Nath Solicitors in London we work with companies in the UK and overseas to ensure they have processes and practical staff training in place that minimise the risk of human error and workplace behaviour that can lead to serious data breaches.
Personal data is now a valuable commercial commodity. The way your staff treat the information they have access to will have a long-term impact on your business.
The importance of effective staff training should not be underestimated. Building an atmosphere where good data protection practice is seen as a key responsibility – part of the job – will reduce the risk of costly data breaches.
You can have all the processes in place you like, but if you haven’t trained staff to understand the value and sensitivity of the personal data they handle, the potential for serious data breaches will still be there.
The ICO recommends refresher training once a year. It’s also important to tailor the training to each job role. Employees in different parts of the business will have different data protection obligations.
As we have seen, data breaches can arise just as easily from carelessly stored physical data – on notepads, paper filing systems and other traditional information storage systems – as from cyber attacks and electronically stored information. The legislation specifies that protected information covers:
“personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (that is, manual information in a filing system).”
Information that’s left exposed at a workspace or in a conference room is a real risk. Consider a disgruntled employee copying personal information that’s visible on a desk and making that information public. Or an external contractor accessing personal information after an employee has forgotten to remove his or her smartcard from a work computer.
So post-GDPR, a company-wide tidy desk policy really does matter.
This could include:
At Nath Solicitors we provide tailor-made audits to help clients get an accurate impression of the data they process, identify risks and introduce appropriate compliance protocols. Following a breach the ICO will immediately look at the preventative processes you had in place. A tidy desk and other appropriate policies will provide helpful evidence that your organisation takes data protection seriously.
At Nath Solicitors we offer comprehensive GDPR training and advice. Call us now on +44(0) 203 670 5540 or contact us online.