Employees represent a significant risk factor to data security within organisations, not only through malicious acts but also through accidents.
According to data security statistics provided by the ICO, the most frequently reported security breaches for the financial year 2017-2018 were incidents where employees had sent an email to an incorrect recipient. The second most reported incidents involved data that was either posted or faxed to the incorrect person.
Source: https://ico.org.uk/action-weve-taken/data-security-incident-trends/
Both of these kinds of breaches highlight the importance of having the correct protocols in place to prevent potentially highly sensitive information from being shared with parties that should not see it. It is imperative that organisations take the appropriate action to ensure the security of the personal data they collect and of how that information is used or distributed.
Organisations must ensure that all staff receive appropriate training and guidance on complying with the GDPR and DPA 2018 provisions. A failure to comply may cause the company, or in certain circumstances the individuals involved, to be liable to prosecution as well as giving rise to civil liabilities.
So, what should organisations do to ensure they mitigate the potential for data security breaches?