Help with Christmas data protection
To make sure organisations don’t get the post-Christmas blues, the Information Commissioner’s Office (ICO) has offered the following timely warning:
- If you are running a skeleton staff in the lead-up to and during the Christmas holidays, then careful of cybersecurity breaches. The ICO said that it has seen lots of cases where responses sent out around the holidays “… mistakenly contained personal information either due to time constraints or because there was no one available to check the information.”
The ICO has given the seasonal present of these helpful 7 top tips (see http://tinyurl.com/zvopf8e):
- Make sure all staff are aware of any changes in the sign off process. If someone different is signing off requests, let them know. It’s important that there are staff available to know how to redact information and use any necessary software.
- When taking extended leave, out of office emails should include an alternative, monitored email address so that incoming Freedom Of Information and Subject Access Requests can be logged immediately by a staff member.
- If there are going to be delays in sending out responses, remember it’s important to keep all requestors updated.
- It’s a good time to remind all staff who work from home about data protection home working policies and procedures.
- Consider how systems can be checked for potential data breaches during longer periods of shut down. Put a contingency plan in place for monitoring information security with fewer staff. Make sure the systems are backed up regularly to protect from disasters and against malware such as ransomware.
- Prepare for the worst: create a plan for managing data breaches factoring in any office closures. Think about how you would update customers if the organisation suffered a data breach and the usual channels were not available.
- If you use an IT contractor, talk to them about the requirements of your business over the Christmas period.