We all take for granted that our personal information is secure, don't we?
This week there have been a few data breaches where my information has been accessed or provided to someone who shouldn't have it. Most worrying was a professional body, to which I belong, who emailed the names and email addresses from their membership database to an outside email address. It's good that the disclosure was identified and that the organisation contacted me to let me know, but how did it happen? Why would a membership database need to be emailed to another individual? Most organisations now have some form of CRM so why didn't the person who needed the information already have access to it?
The other breach was where an organisation emailed a group of people and failed to hide the email addresses of the recipients from the other people being emailed. A simple thing but now all those other people have my email address and I didn't agree to that. Also it usually results in a load of spam emails. This breach could have been easily avoided by using the bcc option in the email.
So what did I learn? The professional body took the correct steps to report the breach to the Information Commissioner, kept me informed about the action they had taken and explained how the breach came about. This improved my confidence in them because they did quickly realise that they had made a mistake.
The other organisation didn't have a clue that they had breached the Data Protection Act. Apparently they have always done it this way and didn't know that there was a requirement to get permission to share this information. What will they do in future? I have no idea but the fact that they didn't have a clue about the requirements of the Act did not inspire confidence.
The Data Protection Act has been around since 1984, so there are no excuses for not being aware of it or what's required to comply with it. If you need some help or advice to ensure you comply, please contact me at lesley@audit-and-risk.co.uk. I would be very happy to help.
No comments:
Post a Comment