When 90% of data breaches in the UK are down to human error, an organisation’s biggest security risk is its people. It’s only by having the right culture that you can minimise the chance of anything going awry.
As customers, we care if our credit card details are lost or misused. We want to know that our medical records are kept secure, and our passwords aren’t distributed on the dark web. That means that as employees, we need to treat other people’s personal information as we would want our own treated.
In the sixth of our short training videos, the Privacy Guy highlights what can go wrong when this doesn’t happen. Imagine if you check your credit card bill and see a number of transactions you don’t recognise, which add up to thousands of pounds. The same day you get an email from your gym – they’ve suffered a data breach and your credit card details have been taken. How does that make you feel?
Or perhaps at work, you get an email from a hacker, saying they’ve got access to your customer database and unless you pay a ransom, they’ll sell your database on the dark web. What would you do in this situation?
Training is the biggest step you can take towards building a culture of continuous privacy compliance. Teach the people in your organisation to understand privacy, the security steps they can take, and the consequences of getting it wrong. If they understand, they will care. And if they care, they will do what they need to do.
Make sure your staff have access only to the personal information they need, that they will report any data loss, and that all policies are read, understood and complied with. Your organisation should process only the minimum amount of personal information required, anonymise it wherever possible, and send it only to safe places.
Find out more next time with our seventh Privacy Promise – International.