We have all had to adjust to new ways of working during the current pandemic. Most of us have been working from home for at least part of the time, and with social distancing rules home working is likely to become much more prevalent. We have had to adjust to improvising home offices in the box room, learning to use the mute button in Zoom, and angling the camera on the pc to give the best shots of our bookshelves/curtains/family portraits.
With all this going on, data protection has probably not been uppermost in our minds. But even though the office is now in the box room, we still have a duty to protect the personal data of third parties. So here are some quick reminders:
- Consider confidentiality when using the phone or a screen. Can your conversation be overheard in the next room? Could another member of your household access your office and look at sensitive documents on your screen while you are away from your desk? Remember to lock your screen when you are away from your device – this is good practice wherever you are. If you are working on paper files, remember to put them away when you have finished with them.
- Take care when disposing of paper documents. In the workplace there are collection bins for secure shredding. If you have a home shredder then use that, or store confidential papers until you can take them to be securely shredded in the workplace. Do not put them in your household recycling or general rubbish.
- Refresh your training on cyber security. Be extra careful about opening links and attachments in emails or live chat boxes. This advice extends to the live chat boxes which appear in video conferences, so do not open links or attachments which you were not expecting or which are sent by attendees you don’t recognise.
- Don’t mix your own data with your organisation’s data. For example, use your own phone or device to send personal text messages, rather than using the devices provided by your employer.
- Use strong passwords – consider using 3 random words as recommended by the National Cyber Security Centre.
- Communciate securely. If you have to send confidential documents by email consider password protecting them and sharing the password using a different channel, for example text message.
- If you are using your own devices, rather than those provided by your organisation, remember to keep your software up to date. If you are prompted to install an update, then do so as soon as you can. In 2017 the NHS was successfully targeted in the Wannacry attack. Its data was encrypted and a ransom demanded. Microsoft had released updates to repel the attack, but these had not yet been installed by the NHS. It has been estimated that 19,000 appointments were cancelled in the attack.
- Don’t forget to report a breach as soon as you discover it. There are strict time limits for your organisation to report breaches to the Information Commissioner’s Office if necessary. Your organisation’s policies and procedures will explain what constitutes a breach and to whom to report it.
Remember that we all have a right to have our personal details protected by whoever uses them. Treat information about other people as carefully as if it were information about you.
Eleanor Baggs is an independent consultant in compliance and data protection for the legal profession – find her on LinkedIn.