DATA BREACHES AND HUMAN ERROR: REDUCING RISK

The spotlight in data protection issues is usually shone on cyber attacks and other electronic data breaches. But it’s important to remember that physical data held within an organisation is also vulnerable.

In its 2016/2017 annual report, the Information Commissioner’s Office (the ICO) acknowledged that cyber incidents were on the rise. But the most common data breaches reported to the ICO still arose from the following types of incident:

  • Personal information faxed, emailed or posted to the incorrect recipient
  • Data left unsecured and then stolen
  • Lost information, for example because paperwork or an electronic device has been left on public transport. According to some reports, 26,000 electronic devices are lost each year on the London tube network.

The Information Commissioner says that when her office investigates these incidents, an organisation will usually blame human error. But the mistake of one individual will rarely be the underlying reason for a breach. Instead, the human error will usually be the last link in the chain of events that led to the breach.

Ultimately, the responsibility for data security lies with an organisation and its data controllers. So rather than focusing on an individual’s mistake, the ICO will look for evidence of mechanisms in place within the company that should have prevented the breach from ever occurring.

At Nath Solicitors in London we work with companies in the UK and overseas to ensure they have processes and practical staff training in place that minimise the risk of human error and workplace behaviour that can lead to serious data breaches.

CREATING A CULTURE OF RESPECT FOR PERSONAL DATA

Personal data is now a valuable commercial commodity. The way your staff treat the information they have access to will have a long-term impact on your business.

The importance of effective staff training can’t be overstated. Building an atmosphere where good data protection practice is seen as a key responsibility – part of the job – will reduce the risk of costly data breaches.

You can have all the processes in place you like, but if you haven’t trained staff to understand the value and sensitivity of the personal data they handle, the potential for serious data breaches will still be there.

The ICO recommends refresher training once a year. It’s also important to tailor the training to each job role. Employees in different parts of the business will have different data protection obligations.

TIDY DESKS, SECURE SERVERS AND PASSWORD PROTOCOLS

As we have seen, data breaches can arise just as easily from carelessly stored physical data – on notepads, in paper filing systems and in other traditional information storage systems – as from cyber attacks and electronically stored information. The legislation specifies that protected information covers:

“personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’ (that is, manual information in a filing system).”

Information that’s left exposed at a workspace or in a conference room is a real risk. Consider a disgruntled employee copying personal information that’s visible on a desk and making that information public. Or an external contractor accessing personal information after an employee has forgotten to remove his or her smartcard from a work computer.

So, post-GDPR, a company-wide tidy desk policy really does matter.

This could include:

  • Clear password protocols, meaning passwords should never be written down
  • Obliging staff to clear away all paperwork from desks at the end of the working day
  • Installing privacy filters on all computer screens
  • Encryption for all portable devices, ensuring the encryption key is stored separately from the device
  • Email control measures, including removal of the autocomplete function from Outlook so that fewer emails are sent to the wrong recipient

At Nath Solicitors we provide tailor-made audits to help clients get an accurate picture of the data they process, identify risks and introduce appropriate compliance protocols. Following a breach, the ICO will immediately look at the preventative processes you had in place. A tidy desk policy and other appropriate policies will provide helpful evidence that your organisation takes data protection seriously.

CONTACT US

At Nath Solicitors we offer comprehensive GDPR training and advice. Call us now on +44(0) 203 670 5540 or contact us online.


Copyright. Nath Solicitors Limited. Registered in England and Wales. Company Number: 08724944. VAT number: 207490711. Office Located at: 35 Berkeley Square, London, W1J 5BF. Nath Solicitors Limited is authorised and regulated by the Solicitors Regulatory Authority. Registration number 608014. Also Located at 59 Alleyn Road, Dulwich, London SE21 8AD. Branch authorisation number 631697.