Good Data Practice – The Quarterly Review

Every quarter we’ll cover some small and manageable tasks that will assist you in taking control of your data.

It’s been an eventful month regarding data protection and security, to say the least. The mere thought of the cyberattack that has occurred against the HSE is enough to send anyone with even the slightest knowledge of data protection into a cold sweat. It has served to highlight some key factors, such as; the importance of using robust data collection systems, only collecting necessary data, and ongoing training and support for staff accessing data collection systems. A system is only as good as its weakest link, whether that is the technology or the human using the technology. In most cases when a data breach occurs it is because of human error.

Let’s look at some manageable steps and safeguards you can put in place to ensure that any sensitive personal data you hold remains safe from data breaches and data hacking. The following refers to electronic records and technology safeguards:

  • Electronic records should be maintained securely with secure passwords to access them. Regular purging of sensitive personal data should take place in line with your workplace’s data protection standards and policy.
  • Electronic devices should be maintained and stored securely with secure passwords, necessary updates, and where relevant with encryption and antivirus software.
  • No person other than a relevant staff member in your organisation should have access to any work device used for work purposes.
  • When a staff member ceases to work for your organisation, you need to ensure that they have not retained any personal data used for work purposes on any type of device.
  • If using networks and cloud services, only trusted services should be used for the storage and sharing of personal data.
  • Secure and private password protected wi-fi connections should be used to access electronic records. Public wi-fi networks should not be used.
  • Emails containing sensitive personal data should only be sent where absolutely necessary, and the utmost of care should be taken to ensure the email is only sent to the person it is intended for.
  • Never open emails or attachments that look suspicious or that are from sources you do not recognise.

There is an increased risk of data security breaches over the past year as many people have had to quickly adapt to work from home using personal laptops, computers, phones, and other devices. Now is a great time to ensure that you are familiar with the data protection standards and policies in your organisation, and that you are working in a way which is consistent with these.

Elaine Mears

Privacy and Data Support Coordinator