The fox in the hen house: could your staff cause a data protection breach?
Posted on February 27th 2018
Staff are supposed to be the best asset of any business. Whilst this is true in most cases, staff members can also cause data protection breaches that can cost businesses their clients and money.
A few high-profile cases, highlighted in the news recently, demonstrate the importance of robust data security for all businesses.
The council worker who snapchatted personal data:
This week, Samira Bouzkraoui, a former apprentice at Southwark Council, was prosecuted after she illegally shared personal information about schoolchildren and their parents. Bouzkraoui took a screenshot of a spreadsheet and shared it via Snapchat. The image included the names, addresses, dates of birth, and National Insurance numbers of dozens of children and their parents.
Bouzkraoui, who admitted three offences of unlawfully obtaining and disclosing personal data, had received data protection training.
ICO Criminal Enforcement Manager Mike Shaw said: “This is yet another example of how people whose jobs give them access to personal data can end up in serious trouble after allowing temptation to get the better of them.”
The Morrisons data leak:
Unfortunately, the above case is not unique. Recently, the High Court made a potentially ground-breaking decision. It ruled that Morrisons Supermarket was vicariously liable for the actions of a disgruntled employee, who stole and deliberately leaked the personal data of around 100,000 employees.
This decision is subject to appeal. However, if the decision is upheld then it could have enormous implications for employers across the UK. In the near future, employers may face significant liability for data breaches, even when the circumstances are effectively out of their control.
What can you do to prevent a data breach?
Clearly, a knee-jerk reaction to stories like this would be unnecessary and damaging to a business. However, these stories demonstrate the importance of having robust data protection procedures. To help guard against a data breach as a business owner, there are a number of steps you should take. You should:
- Train all staff members on their data protection responsibilities, and make them aware of the potential consequences of a data breach.
- Limit access to data – staff members should only have access to the data that is absolutely necessary for them to carry out their job.
- Understand what data you hold and how it is processed. You should implement data retention and deletion policies.
With the GDPR coming into force in just 3 months, now is the time to ensure that you are compliant. This means ensuring that all of your staff have received appropriate awareness training.
How can we help?
At Oliver & Co, we can help you by reviewing your contracts. After an initial review, we can make recommendations to ensure that they are GDPR compliant. This can include protection against liability in your contracts with customers, suppliers, and even your employees.
We can also assess your current data protection policies and procedures. Without having these in place, many responsible businesses may become hesitant to share data with you.
Contact us today:
Call and speak to a lawyer on 01244 312306