Episode 140: Elevating Data Protection
Jasmine Harrison, Philip Brining and Joe Kirk
Data Protection Made Easy – Episode 140
Unveiling the Power of Inspiring Leadership for Effective Data Protection and Cybersecurity
In the latest episode of the Data Protection Made Easy podcast, Philip Brining and Jasmine Harrison hosted a riveting discussion with Michelle Griffey, the Chief Risk Officer at Communisis. This engaging session delved into the realm of data protection and cybersecurity, shedding light on the critical role of inspiring leadership in mitigating data protection risks and fostering transformative governance strategies.
Throughout the episode, Michelle shared her wealth of expertise, emphasising the importance of championing data protection at the highest echelons of organisations. She underscored how this commitment to data security and privacy cascades through the ranks, ultimately cultivating a culture steeped in best practices and risk awareness.
The conversation explored the journey of translating visionary leadership into tangible outcomes, outlining how top-level commitment can effectively promote data security and instill trust within an organisation. With actionable insights and practical strategies, this episode aimed to inspire both seasoned professionals and newcomers to the field, equipping them with the tools to enhance growth and build a resilient, secure future.
Stay tuned for more insightful discussions on data protection, cybersecurity, and the latest news in the field.
Serious data breaches across NI government departments
Data Protection News Of The Week
Hot on the heels of breaches in the Police Service of Northern Ireland, someone has been digging into breaches in government departments in Northern Ireland through a request for information under the Freedom of Information Act the results of which show a series of breaches that have occurred in the last decade (https://www.bbc.co.uk/news/uk-northern-ireland-66786683).
According to the BBC’s report on the findings, the Department of Justice had the most breaches (13), with several classified as “major incidents” including the loss of papers containing medical data and a member of staff inappropriately accessing their ex-partner’s benefits information. The article doesn’t show if the trend is upwards, downwards or static.
Other breaches included letters which didn’t arrive at the intended recipient’s address, letters sent to the wrong person, data being shared with “unauthorised parties”, being left in a restaurant and the loss of laptops and hard-copy files containing “special category information”. There was “the erroneous release of personal data” by the Coroners’ Service, and incidents in which email addresses were identifiable in a calendar invitation or CC not BCC.
Six members of the public experienced issues with the Northern Ireland Covid Certification Service (CCS) whereby their accounts were showing personal details and vaccine certificate information relating to other users. During an investigation into the incident it was discovered that the issue was a technical malfunction, but many of the breaches highlighted in the article are the result of plain and simple human error.
The BBC report quotes Felicity Huston, previously the commissioner for public appointments, as having been struck by the variety of breaches, from small things like envelopes not arriving to lost healthcare information. The BBC article quotes Huston as pointing to the government insisting more and more that public authorities go online as being a factor in the increase in breaches.
We should certainly be concerned that after nearly 40 years of data protection law in the UK, simple work-place-based errors are still a major cause of personal data breaches. But should we be surprised?
One can imagine that the rushing to market of a Covid certification scheme may have involved curtailed testing processes, but when will the simple stuff like mis-sending letters, exposing email addresses accidentally, and leaving files in restaurants be confined to history?
I would suggest that the root cause of these human-related issues is cultural both within organisations and in society in general. When will society and organisations place appropriate value and emphasis on being pro-active with data protection? When will organisations value undertaking regular GDPR compliance audits to probe and test their arrangements? And when will a zero tolerance approach be adopted with regard data handling practices?
The key to moving forward with human-related data breaches is more training and awareness, cultural change, investing in better systems and processes, and reviewing processes on a continual basis. It is decades since I was involved with the European Foundation for Quality Management (EFQM) and BS5750 (now ISO 9000), but I learned valuable lessons from my work in that field about embracing continual improvement. What we need to do is apply these principles and processes to our data protection and privacy arrangements.
Join Our Community
If you would like to become part of one of the UK’s fastest growing data protection networks, you can visit our events page where you will find a wide range of insightful conversations in the upcoming weeks, register for any of these discussions and join us live for free, or request to subscribe and receive weekly invites to thoughtful discussions between data protection enthusiasts and experts. Data Protection Made Easy is a community of likeminded individuals, all passionate about simplifying complex areas of data protection.