1 02, 2022

A common email data breach – failing to BCC

A common email data breach by failing to BCC the recipients. My son has started a new job and is heading off for a training course on Sunday. As part of attending the training course he was provided with information about the venue and training sessions along with the other new starters. My son could see the personal email addresses of colleagues he’s yet to meet on a company email. As my son (And [...]

27 04, 2021

Procurement Questionnaires and how to respond

It has been a busy few weeks helping organisations who work with large corporates respond to procurement and security questionnaires. The questionnaires have all sorts of names: assurance, security, procurement, information security, data protection etc. They are all effectively trying to achieve the same thing: assurance about the security surrounding the information you are working with. They are becoming more frequently requested as part of working with larger organisations. In the last few weeks, [...]

1 03, 2021

GDPR Basics 1 – I’ve read the information on the ICO website and I’m still confused

“I’ve read the information on the ICO website and I’m still confused.” We hear this so often through our helpline. It’s not the fault of the ICO website; they are trying to meet the needs of all organisations, from big to small, complex to simple, and sometimes it just doesn’t provide the level of advice that someone needs. Also, the language can be confusing and frequently organisations struggle to understand the implications for their [...]

12 01, 2021

Data Subject Access Requests (DSAR)

We’ve had a flurry of requests for support for subject access requests in the last few weeks. This is because of the redundancies being made by organisations and the changing job market. Don’t think that only large organisations get Subject Access Requests; we have recently helped an organisation with only one employee to respond to a Subject Access Request. The most recent ones have been slightly larger organisations and there has been a common theme [...]

4 05, 2020

Security Questionnaires and how to respond

Recently with many organisations working from home, we have seen increased scrutiny happening for organisations managing information on behalf of other organisations. One of our clients is an international market research company. They work with large corporates throughout the world providing insight on new ideas and services. For the first time ever, they have received a security questionnaire from their biggest client. What we mean when we say security questionnaire is a form asking [...]

20 01, 2020

Should I be registered with the ICO?

Do you need to register with the Information Commissioner’s Office (ICO)? The ICO is the supervisory body for the UK with regard to data protection matters. Under the old Data Protection Act the ICO had a list of Data Controllers. The need to maintain a list of Data Controllers disappeared with GDPR, BUT in order to fund the ICO, a bill was passed which means that the ICO maintains a register of fee payers. [...]

8 09, 2019

Let's talk data… first steps

Now I am not one of the GDPR advisors that uses the formal language. I don't use the word data; I say personal information, as so many people struggle to understand what data really means. I spend quite a lot of time talking with other data protection professionals and I always find it daunting when they start talking article this, data that. Not because I don't know what they are talking about but it [...]

29 10, 2017

Myth Busting 1

I'm a small business so the Data Protection Act and General Data Protection Regulation don't apply to me. You would be surprised how frequently I hear this and I even heard it from a solicitor who told me that there was a small business exemption! The legislation around how to handle a person's information including how to collect, store, handle and destroy that information is [...]
