All Businesses in operation in Limerick, Cork, Dublin, Galway and across Ireland will be aware of Data Breaches and the risks associated with them. A data breach can come in the form of a paper breach when failing to implement confidential document destruction and a digital breach when failing to have appropriate security procedures in place. The knock on negativity that an Organisation faces affects client relationships in addition to damaging your Company image.
In many cases due to DATA PROTECTION LAW your Organisation may be legally responsible to your customers. In this article I will go through my top six threats to Data Privacy for Organisations.
- Lack of Data Protocols
In many data breach cases it is found that there was a failure of the Organisation to have even the most basic protocols in place to minimise the loss of customer and employee data. Examples have been; a failure to have confidential paper stored in a secure location when not in use and waste paper material being destroyed through an onsite document shredding facility.
- Restricted access to information
A regular mistake by Organisations today both Public and Private is to restrict access to confidential information for employees. A simple “need to know” procedure is a great step in achieving data security.
Within many Organisations there seems to be a free for all information sharing tendency. However, in today’s competitive environment business clients and public clients to given Organisations expect to have their information maintained securely. Various staff members with varying staff functions are not required to know one another data details. A simple contract inclusion at employment stage would reduce and minimise this non-required cross function data sharing tendency.
- Extended information gathering & sharing
There is an increasing trend in information gathering through online forms and “opt out” functions. This information may be shared among Organisations with no accurate business case to justify such sharing.
- Increases in technology
This point covers a multitude of technologies but I will mention two different kinds;
- Confidential document shredding – reconstruction technologies
- Online digital data technologies that part individuals from their personal information for fraudulent use.
- Lack of awareness
There is a concerning level ignorance or lack of knowledge from a Data Controller perspective and general public perspective when dealing with sensitive data.
Data Controllers may lack a degree of awareness of their data protection obligations, such examples can be failing to complete a clear out shredding process at the end of each calendar year or failing to have a confidential document destruction process in place for daily generated materials.
For more information on data privacy Email us at firstname.lastname@example.org
The Data Protection Commissioner phone no: +353 57 868 4800