Opinion

How to stay ahead of personal data cyber attacks

14th August 2019

Almost every organisation handles personal data in some shape or form, whether that’s customer details, mailing lists, employee information or supplier contact details. With that comes risk and responsibilities.

Cyber attacks are just one cause of data breaches. According to the most recent government Cyber Security Breaches Survey[1], more than half of the small to medium sized businesses surveyed had experienced a cyber security breach or attack in the previous 12 months. In some cases, the costs associated with dealing with such breaches reached thousands of pounds.

What is a data breach?

Put simply, if something goes wrong with personal data, chances are this will qualify as a data breach. This could include corruption of, or damage to, personal data, unauthorised access to it, or its loss or destruction. Some examples include:

  • virus or other cyber attacks that render personal data inaccessible or permanently damaged;
  • sending personal data to the wrong recipient;
  • leaving personal data in an insecure or public place.

A data breach could happen to personal data that you hold, or that you have entrusted someone else to hold or process on your behalf.

So what?

Any personal data breach should be treated as a major incident requiring urgent attention. No one wants to be on the receiving end of a hefty fine or other regulatory intervention from the Information Commissioner’s Office (ICO). You also risk causing irreparable damage to your business’s reputation.

Certain breaches have to be reported to the ICO, where feasible, within 72 hours after you first become aware of the breach and in any event without undue delay. In very serious cases, you are also required to inform the individuals whose data has been compromised.

There are no hard and fast rules as to which breaches must be reported to the ICO. Each breach needs to be considered on its own facts. The extent, scope and sensitivity of the compromised data all need to be factored into the assessment and you should always consider seeking specialist legal advice as this can be a difficult call to make.

What are you waiting for?

Don’t wait until you are the victim of a data security breach to think about how you would deal with it. Follow these top tips to stay ahead in the event of a data breach:

  • Have a data breach plan in place. This needs to set out the procedure you will follow, including how you will decide whether the breach is sufficiently serious to report to the ICO or the individuals whose data has been compromised.
  • Provide regular training to your staff. Everyone in your organisation needs to know how to recognise a data breach and what steps need to be taken.
  • Nominate key members of your data breach team in advance. Representatives from IT, the senior management team and potentially HR are likely to play an important role in most data breach scenarios.
  • Know in advance who you will turn to if you need external advice. You may need to consult with lawyers, specialist IT consultants, the police and insurers amongst others.
  • Check your existing and new contracts. If you are entrusting others with the handling of personal data, there should be a written contract in place with appropriate data protection clauses and the ability for you to bring a claim against the relevant party in the event of a data breach. Review performance of your suppliers regularly and move to someone new if you are worried about non-compliance with data protection requirements.
  • Keep up to date. Check the ICO’s website regularly and sign up for updates from your trusted external advisers so that you are aware of the latest developments and requirements in relation to data protection.

If you have any questions about data breaches or data protection more generally, please contact a member of the Higgs & Sons Commercial team on 0345 111 5050.

Please note that this article does not constitute legal advice and is intended for general guidance purposes only.  

[1] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/702074/Cyber_Security_Breaches_Survey_2018_-_Main_Report.pdf