CALL US TODAY: 0203 983 8278
Email usenquiries@nathsolicitors.co.uk
Home // DATA BREACHES AND HUMAN ERROR: REDUCING RISK

The spotlight in data protection issues is usually shone on cyber attacks and other electronic data breaches. But it’s important to remember that physical data held within an organisation is also vulnerable.

If you need guidance regarding data protection and privacy, contact our data protection and confidentiality solicitors London on 0203 983 8278 or contact us online.

In its 2016/2017 annual report, the Information Commission (the ICO) acknowledged that cyber incidents were on the rise. But the most common data breaches reported to the ICO still arose from the following types of incident:

  • – Personal information faxed, emailed or posted to the incorrect recipient
  • – Data left unsecured and then stolen
  • – Lost information, for example because paperwork or an electronic device has been left on public transport. According to some reports 26,000 electronic devices are lost each year on the London tube network.

The Information Commissioner says that when her office investigates these incidents an organisation will usually blame human error. But the mistake of one individual will rarely be the underlying reason for a breach. Instead the human error will usually be the last link in the chain that has led to the breach.

Ultimately the responsibility for data security lies with an organisation and its data controllers. So rather than focusing in an individual’s mistake the ICO will look for evidence of mechanisms in place within the company that should have prevented the breach ever occurring.

At Nath Solicitors in London we work with companies in the UK and overseas to ensure they have processes and practical staff training in place that minimise the risk of human error and workplace behaviour that can lead to serious data breaches.

CREATING A CULTURE OF RESPECT FOR PERSONAL DATA

Personal data is now a valuable commercial commodity. The way your staff treat the information they have access to will have a long-term impact on your business.

The importance of effective staff training can’t be underestimated. Building an atmosphere where good data protection practice is seen as a key responsibility – part of the job – will reduce the risk of costly data breaches.

You can have all the processes in place you like but if you haven’t trained staff to understand the value and sensitivity of the personal data they handle the potential for serious data breaches will still be there.

The ICO recommends refresher training once a year. It’s also important to tailor the training to each job role. Employees in different parts of the business will have different data protection obligations.

TIDY DESKS, SECURE SERVERS AND PASSWORD PROTOCOLS

As we have seen data breaches can arise just as easily from carelessly stored physical data – on notepads, paper filing systems and other traditional information storage systems as from cyber attacks and electronically stored information. The legislation specifies that protected information covers:

“personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (that is, manual information in a filing system).”

Information that’s left exposed at a workspace or in a conference room is a real risk. Consider a disgruntled employee copying personal information that’s visible on a desk and making that information public. Or an external contractor accessing personal information after an employee has forgotten to remove his or her smartcard from a work computer.

So post GDPR, a company-wide tidy desk policy really does matter.

This could include:

  • – Clear password protocols meaning passwords should never be written down
  • – Obliging staff to clear away all paperwork from desks at the end of the working day
  • – Installing privacy filters on all computer screens
  • – Encryption for all portable devices, ensuring the encryption key is separately stored
  • – Email control measures, including removal of the autocomplete function from Outlook so that less emails are sent to the wrong recipient

At Nath Solicitors we provide tailor-made audits to help clients get an accurate impression of the data they process, identify risks and introduce appropriate compliance protocols. Following a breach the ICO will immediately look at the preventative processes you had in place. A tidy desk and other appropriate policies will provide helpful evidence that your organisation takes data protection seriously.

CONTACT US

At Nath Solicitors we offer comprehensive GDPR training and advice. Call us now on 0203 983 8278 or contact us online.

    CONTACT US TODAY

    I accept the privacy policy

    To prove you are not a robot, please answer the following question:

    Testimonials

    "Shubha Nath is my go-to lawyer. She provided my department with commercial legal services for the best part of 10 years. She listens carefully to what the business requires, is clear in her explanation of complex legal agreements and frameworks and is incredibly fast at turning round documents. I was so impressed by her I've recommended her company Nath Solicitors to other businesses."

    Testimonial From Bernard McKeown

    "Shubha, I'd just like to thank you for helping me to come to an amicable settlement with my former company co-directors so quickly and effectively. The advice and suggested approach certainly worked very well for me and I also felt a sense of safety and control being mentored through a very daunting process. You are brilliant at what you do and you helped me to cope with a very stressful situation. I would not hesitate to recommend you and Nath…

    Testimonial From Stephan Hepton

    “I would like to thank and recommend Nath Solicitors and Shubha personally for all your professional advice and help. We have a variety of business interests from Medical and Dental to Analytics and Artificial Intelligence; I am extremely impressed how Shubha has been able to advise in all of these fields for a variety of unrelated projects. We have been particularly impressed with hard work, dedication, professional approach and personal touch. Dr Chetan.”

    Testimonial From Dr Chetan

    I live in Saudi Arabia. Although thousands of kilometers separated us, I picked up the phone and talked to Shubha and I asked her to help me in what I believed was a fraud case. She answered gladly. She was smart, honest, and professional; she has been receiving my calls, letters and emails for more than one month did not seem to mind at what time I communicated with her and it was any time and she always responded quickly. Shubha…

    Dr Aldarwish ( International client)

    We are pleased to note our satisfaction with the standard of service, offered to us by qualified and efficient team of Nath Solicitors. This is a Firm with high integrity and strong, traditional, values focusing on providing the utmost levels of customer satisfaction but don’t just take their word for it, take time to review their customer testimonials. Shubha Nath, who has been providing services to our company, has shown how passionate she is about her job and has delivered…

    MD of Security Company Dispute Resolution Testimonial

    Client comment on company incorporation and advice on a  shareholders agreement prepared by Shubha Nath. We felt well advised and Shubha protected our interests immaculately and we are truly very grateful to her for all her help in securing our interests. Director Food Company.

    Director of a Food Company
    Copyright. Nath Solicitors Limited. Registered in England and Wales. Company Number: 08724944. VAT number: 207490711. Office Located at: 35 Berkeley Square, London, W1J 5BF. Nath Solicitors Limited is authorised and regulated by the Solicitors Regulatory Authority. Registration number 608014. Terms Of Use. Privacy Policy. Cookies Policy. Complaints Procedure.