Susan Hall 12 August 2015

How to avoid mishandling data

How to avoid mishandling data image

Data breaches such as those revealed by the campaign group Big Brother Watch aren’t confined to local authorities.

This year alone there have been a range of serious data mishandling incidents in the public sector, not least South Wales Police who were fined £160,000 for losing a video containing evidence from a child sex abuse victim and a £190,000 fine to the Serious Fraud office for wrongful disclosure of evidence obtained in respect of their investigation of BAE Systems.

In the past year, the Information Commissioner’s Office (ICO) has dealt with 84 reported cases of data misuse, prosecuting in 18 instances and issuing fines in 11. Of the 84 cases reported, 37 involved public sector organisations, including one Housing Association. Big Brother Watch has this month called for custodial sentences for serious and persistent data offenders.

Data and access to it is a growing issue. The ICO has also recently cracked down on employers and others, such as insurance companies, who require job or policy applicants to carry out a ‘subject access request’ to GPs and police forces and disclose health records and any convictions or cautions. Enforced subject access requests are now a crime under section 56 DPA – a provision that only came into force in March of this year.

So what can you do to avoid a data disaster?

The most common issues of data mishandling in public services include mislaying USB sticks, failing to change passwords, not disposing of hard drives securely, leaving devices on trains, not putting in place software to remotely wipe out files, and lack of safeguards against access to personal computers.

In my experience, there are a number of reasons behind these issues, namely: lack of training and guidance, budget pressures leading to ill thought out use of IT shortcuts and adoption of ‘Bring Your Own Device’ remote or mobile working situations which are not backed up by appropriate safeguards and policies.

In the case of the social housing provider that was cautioned by the ICO, several documents containing third party personal details were revealed during a litigation process. The necessary documents required for the case were reviewed and redacted and placed on a desk in order to be photocopied, but a different member of staff was subsequently tasked with the photocopying and, in error, the original unreacted documents were copied and disclosed the sensitive information to the other party to the litigation.

The investigation identified that, while checks had been undertaken during the review process, no subsequent checks were made prior to handing them over. It also identified that, whilst data protection training was provided to staff at induction, refresher training was not in place at the time of the incident.

There is absolutely no room for error under today’s rigorous policies. The issue of data mishandling is so sensitive that even the smallest slip up, can result in loss of confidence, loss of revenue and, most importantly, unwelcome exposure for your clients and customers.

So what are the three key actions to safeguard against mishandling of data?

• Analyse policies, enforce them and ensure support training is in place which deals with data handling in an organisation
• Ensure repeated training to account for people taking up new job roles and therefore potential different data handling requirements
• Analyse what led to any breaches in data handling and adapt policies and support training as necessary

Opting out is not an option. Data handling polices and training are a necessary and integral part of any responsible organisation and needs informed and proactive engagement from top to bottom.

Susan Hall is a partner in the intellectual property team at national law firm Clarke Willmott.

Supporting the most vulnerable in Herts image

Supporting the most vulnerable in Herts

Hertfordshire CC is investing £9.6m to support its most vulnerable residents in overcoming the repercussions of the pandemic. Scott Crudgington explains why the council is determined to remain ‘a county of opportunity’ for all.
For your free daily news bulletin
Highways jobs

People Technology / HRIS Analyst

Essex County Council
Up to £42174 per annum
The Opportunity The People Technology / HRIS Analyst will be responsible for supporting the ongoing management of people-based technology including England, Essex, Chelmsford
Recuriter: Essex County Council

Principal Energy Engineer

Surrey County Council
£45,734 - £51,725 per annum
Do you have experience in working with delivering carbon reduction measures into a range of building projects? Surrey
Recuriter: Surrey County Council

Wellbeing and Independence Practitioner - Safeguarding

Essex County Council
£27203 - £31370 per annum
Please note, this role is a Fixed Term Contract until the end of March 2022. With us, you can achieve more - for yourself as well as those you work England, Essex, Chelmsford
Recuriter: Essex County Council

Chief Fire Officer/Chief Executive

Essex County Fire & Rescue Service
c. £150,000
Are you ready for an exciting and rewarding opportunity Essex
Recuriter: Essex County Fire & Rescue Service

Housing Development Manager

City of York Council
£36,476 to £41,830 per annum
Do you want to play a key part in the delivery of “the UK’s most ambitious council-led housing programme in a generation”? York, North Yorkshire
Recuriter: City of York Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue