Most people who get into trouble for breaches of the Data Protection Acts do not set out to do anything wrong. Usually it is just because they did not think. I know, because I have had a few near misses in my time. So here are seven things for you to think about that will help you keep out of trouble. You might think I am only stating the obvious, and you could be right, but I can assure you that a lot of people would have got themselves into a lot less trouble if they had not overlooked the obvious. You will have to turn to someone more computer-literate than me if you want advice on beating the hackers or dealing with other technical aspects of protecting data in IT systems.
1. In your face – and on the ‘phone. If you are like me, you will take a lot of care over everything you write, but get carried away when talking and give away more than you intended, especially when you are enthusiastic about your subject. You probably also let your voice get louder as the conversation goes on, without thinking about who else could be listening. This is even more likely when you are on the ‘phone and it is not a good line. Top tip: be aware!
2. You’ve got mail. Nowadays, most of us know to be careful what we put into our e-mails, and to consider whether the recipient is really entitled to the information we are sending. However, one thing which catches us out is the long chain of e-mails, replies, and replies to replies, which we sometimes create. It is easy to forget how much personal or other confidential data was in one of the earlier communications, and therefore to send that with all the rest when forwarding the latest missive to a different recipient. A similar trap awaits us when we c.c. or b.c.c. to a lot of people, especially when these are set up as standard contacts. We can forget that not all of them are entitled to see everything in the correspondence. Top tip: always check what you are sending and to whom. Including all the attachments!
3. Screen stars. When working on a computer, it is easy to forget that other people might be able to see the screen, either over your shoulder or when you are away from your desk. Top tip: minimise the screen, or close the application whenever there is a danger of it being seen by someone who has no right to the data on it. Alternatively, turn the screen round temporarily, so your visitor cannot see it.
4. Thanks for the memory (stick). I expect you, or someone, will make sure your office is secure when nobody is in. However, a lot of data gets into the wrong hands because people do not take enough care over the security of portable items such as laptops, tablets, memory sticks, and mobile ‘phones. These things can be stolen, or lost. People do leave them lying around. Sometimes we lend them and fail to get them back, and even if we do get them back, could the borrower have got at the data? Encryption is always a good idea. So is physical security. Top tip: remember not only the value of the equipment, but also of the data on it, then you will keep it safe.
5. Cloud-Cuckoo Land? If you think data is safe because it is in the Cloud, ask yourself what that means. The data must be being held on a computer somewhere. Do you know where, or who has access to it, or how secure it really is? Top tip: don’t be vague about the Cloud. Ask!
6. What’s in the paper? Even today, most of us still use a lot of paper: printouts, faxes and notes, as well as heavier items such as reports. Nosey people can gather a lot of information by looking at things left on a remote printer, copier, or fax. Waste-paper bins can also be worth a look. Top tips: if you are expecting something confidential, stand by the fax or printer if it is not right by your desk, and ensure confidential waste is shredded, not binned.
7. Cut it out! Even when you are providing someone with information they are entitled to, it is easy to find yourself including certain items they should not see. This is especially true if you are sending them a long document. Top tip: edit everything you send out and delete any names or addresses the recipient has no right to know.
Finally, do remember that even if you are handling data which is not covered by the Acts, such as details of a client’s costs or sales, it is safer to avoid giving it out unless your client has agreed. I hope you want not only to comply with the Law, but also to look after your clients’ interests, and your own.
If you know you have problems in this area, perhaps you should seek independent advice and support.