You won’t be surprised to hear that malicious or criminal acts remain the leading cause of data breaches, and human error is the second largest cause.
During COVID-19, there has been a marked increase in the number of cyber-attacks using ransomware or impersonation, and these now account for approximately 60% of all privacy breach notifications to the Office of Information Commissioner.
As businesses have been forced into Stage 4 lockdown protocols, ensuring client and customer confidentiality is of greater importance to business as your employees are working from many locations. Clients and customers still expect that their confidential information is kept confidential, and any unauthorised disclosure of client information can be at best embarrassing and at worst expose you to legal action or investigation by the Office of Information Commissioner.
It is not possible to completely eradicate any risk of breach of privacy or confidentiality, especially when your workforce is spread over many locations, but there are steps that can be taken to minimise this risk.
Some steps that can be taken are:
Encrypt all of your electronic communications to clients;
Discuss the importance of information security with your employees;
Educate your employees as to information security and the handling of client/customer information;
Raise awareness of detrimental cyber activity including phishing and impersonation;
Circulate a working from home policy which sets out your expectations of online behaviour, information security and use of personal electronic devices;
Regularly review your working from home policy and circulate it if it has been updated;
Liaise closely with your IT team to ensure that they are adopting the most up-to-date protocols to manage cyber risks;
Password protect sensitive documents and agree with your client how the password is to be communicated to it (by phone, text message, separate email);
Ensure that all employees are aware of the steps that must be taken if there is a suspected (or actual) disclosure of client information;
Agree the process for escalating a breach of confidentiality within your business. This process should include consideration of whether a Notification to the Office of Information Commissioner is required.
Millens has experience in advising clients in relation to protocols and policies regarding preservation of confidentiality and privacy.
If you would like any advice relating to the preservation of confidentiality and privacy, please contact Sally Lloyd