About Lesley Cooley

So far Lesley Cooley has created 111 blog entries.
30 August 2023

What is the difference between encryption and password protection?

In discussions about information security and data protection, the notion of password protection often arises as a perceived safeguard. However, the efficiency of this method hinges on the nature and complexity of the password being used and the sensitivity of the information being protected. Distinguishing between encryption and password protection is crucial. Imagine your data as valuables stored within a secure box. Password protection means locking this box with a password; the password is [...]

16 July 2023

Sending an email to the wrong person is one of the most common data breaches

Sending an email to the wrong person is one of the most common data breaches. It’s also usually down to human error, typically because someone is under time pressure, trying to do more than one thing at once, or not familiar with the software. This happened to one of my clients the other day: they rang me to say they had sent a report about one of their clients to one of their other [...]

25 June 2023

What’s the difference between GDPR and Data Protection?

"What is the difference between GDPR and Data Protection?" is a question I asked the other day. It can be very confusing, as we use the term GDPR regularly to describe a piece of legislation we need to adhere to. GDPR stands for the General Data Protection Regulation. It’s the Europe-wide legislation brought in in 2018 that created a tsunami of changes to the way businesses collect, store and destroy personal information. In [...]

19 April 2023

Procurement Questionnaires

Procurement, due diligence or security questionnaires, whatever you want to call them, are becoming far more common, and businesses we work with who haven't had them before are starting to get them. We work quite widely in the security sector, and they have started getting them from other companies that they work with. Generally, the questionnaires are based on the International Standard ISO27001. The questions can be phrased strangely and be difficult to understand [...]

12 April 2023

Data Breach – Don’t make it complicated

Let me tell you about a recent incident with one of our clients. So, they had a bit of a hiccup and this led to a data breach. But it was a small data breach, with one person’s information incorrectly shared with another individual. Apparently, someone accidentally emailed the information to the wrong person. A common mistake. But when we sat down to discuss what had happened, they were ready to overhaul their entire [...]

28 February 2023

A daily absence report causing problems

Usually we work with companies, but occasionally an individual will contact us asking for advice. This happened last week when an individual wanted to know if the company they were working for could send the daily emails about absences. The emails look something like this: [image: Absences Email] As you can see, it shows who is absent and why. These emails are produced daily, so they could give a history of absences. Also, is it appropriate [...]

14 February 2023

What is special category data?

Special category data is personal information that needs more protection because it is considered sensitive under data protection legislation. There are nine special categories of personal information. They are information that relates to:
- race, racial and ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- genetic data;
- biometric data such as fingerprints and eye scans, but only where it's being used for identification purposes;
- health information; [...]

17 January 2023

What is your password policy and is it effective?

What is your password policy and is it effective? Frequent password changes are one of the things many organisations advocate and actively manage by expiring a password so that it has to be replaced. We are helping a client obtain Cyber Essentials Certification and have been looking at the National Cyber Security Centre (NCSC) website, which has a different viewpoint on passwords. Password changes are designed to limit the harm that comes from an [...]

10 January 2023

How long do you have to respond to a Subject Access Request?

Two days before Christmas we had a call to the helpline about a Subject Access Request. A company had received a request, and the requestor had said that they had 14 days to respond and provide the information. Obviously, with all the Christmas and New Year bank holidays, the company were panicking about responding within 14 days. Firstly, the response time for a subject access request is one calendar month. The person making the [...]

16 May 2022

Legitimate interest as a lawful basis is not an excuse to market to everyone.

This week, through the helpline, we had a call from a company who had used legitimate interests to scrape email addresses from the web and then send them marketing information. They explained that marketing emails were in their interests and the interests of the person emailed, so they could place their services and goods on the caller’s platform for sale. There are very specific rules about email marketing, both in data protection legislation and [...]

30 April 2022

Email Marketing – Do I need a tickbox?

Back to basics and email marketing. Over the last couple of weeks we've been looking at some email marketing signup forms. It's quite interesting when an organisation decides to put in a tick box, although sometimes it's the software that has a tick box that you cannot remove. When someone is signing up for your email marketing list, you might create a form where someone can insert their email address and there's a tick [...]

18 April 2022

Are your suppliers protecting your business information?

We find clients don't often think about supplier risk. Currently we're working with a company to implement ISO27001, and as part of that process we are checking their suppliers for information security standards, GDPR compliance, etc. As part of checking suppliers for compliance, we needed a list of the suppliers, and this particular company have outsourced their finance function to an accountancy firm. We asked the accountants to provide a list of the suppliers [...]

7 March 2022

Special Category Information related to Employees

Since my blog on health information, we've had a number of questions around health information or special category information when it’s collected from employees. When you have employees, you will often be processing special category information: information about their health because you need to pay them sick pay, and information about their ethnicity or ethnic origin because you might collect that as part of your equal opportunities monitoring. You might collect information about trade union membership [...]

2 March 2022

Dealing with special category information related to health

Under data protection legislation, health information is considered a special category of personal information. This means that it needs some additional controls in place to be able to collect and store it. There are a number of special categories and health information is one of the most commonly used because we collect it through various channels within our businesses. Today, we're just going to focus on those companies that collect it because they deal [...]

1 February 2022

A common email data breach – failing to BCC

A common email data breach by failing to BCC the recipients. My son has started a new job and is heading off for a training course on Sunday. As part of attending the training course, he was provided with information about the venue and training sessions along with the other new starters. My son could see the personal email addresses of colleagues he’s yet to meet on a company email. As my son (And [...]

15 September 2021

What is Processing in Data Protection terms?

In data protection terms we spend a lot of time talking about processing personal information. This week we have had two conversations which highlighted that processing is not always understood. The first company we were talking to is a document storage company being used by one of our clients. We were explaining that they were a data processor because they are storing the personal information. They explained that my client only stores the paper [...]

26 July 2021

The UK is adequate for Data Protection Purposes

The UK is adequate. Doesn't sound great, does it? But it is really good news for continuing to make transfers to and from the EU/EEA. You may remember me telling you at the beginning of the year that there was a 6-month period during which transfers to the EU could continue until the UK achieved adequacy status from the EU. The adequacy status was approved on the 28th June (talking about taking it to [...]

27 June 2021

It’s not all Black and White

A few years ago I was running some GDPR implementation classes for small businesses, and each week we had a Q&A call where anyone with questions could come onto the call and get an answer. It became a running joke that my initial response was always “it depends”, and the right thing to do always depended on the individual set of circumstances. Although it would be lovely to think that data protection legislation was [...]
