Does your data protection need to book itself in for a check-up?
In the not-too-distant past, a healthcare agency sent me patient data, including names and addresses as well as a request for a medical procedure. I reported it immediately to the organisation and the relevant authorities and deleted the email, of course. However, I was shocked at how easy it was for this data to be sent to me: a simple forwarding of an e-mail, with potentially quite serious repercussions.
The fact is that email has become an integral part of our communication systems. From healthcare and other personal correspondence to business dealings and beyond, email is used extensively to exchange information. However, with the increasing volume of data exchanged over email, data protection has become a growing concern. Making a mistake with data protection over email is easier than you may think. Here are just two common mistakes people make that put their sensitive information at risk:
· Sending sensitive information via unencrypted email: Email is not a secure medium of communication. Anyone who intercepts the email, such as a hacker or an unauthorised recipient, can read the contents of the message. Sending sensitive information like financial data, medical records, or personal identification information via unencrypted email leaves the information vulnerable to theft.
· Failing to double-check email recipients: One of the most common mistakes that people make while sending emails (and the one that occurred in the example I experienced) is accidentally sending sensitive information to the wrong person. It is easy to make this mistake when email addresses are auto-filled, or when recipients' names are similar. This mistake can lead to serious data breaches, especially when the information is confidential (such as medical records).
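Both mistakes can be caught before the send button does any damage. The following Python pre-send check is an added illustration, not code from the original post or from Marbral Advisory: it flags recipients outside the organisation, recipients whose addresses are a typo away from a known contact (the auto-fill and similar-name problem), and plaintext bodies or unencrypted attachments that carry the kinds of data described above. The internal domain, contact directory, detection patterns and the "encrypted attachment" file suffixes are all constructed assumptions for the example; a real deployment would take them from the organisation's directory and its data-loss-prevention policy.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed configuration for this example (hypothetical domains and contacts).
INTERNAL_DOMAINS = {"example-clinic.test"}
KNOWN_CONTACTS = {
    "dr.smith@example-clinic.test",
    "referrals@example-hospital.test",
}
# Assumption: attachments with these suffixes were encrypted before attaching.
ENCRYPTED_SUFFIXES = (".gpg", ".pgp", ".asc")

# Simplified detectors for the data types the post describes: UK postcodes
# (addresses), NHS-style 10-digit identifiers and medical vocabulary.
SENSITIVE_PATTERNS = {
    "postcode": re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}\b"),
    "nhs_number": re.compile(r"\b\d{3} ?\d{3} ?\d{4}\b"),
    "medical_keyword": re.compile(r"\b(patient|diagnosis|procedure|referral)\b", re.I),
}


@dataclass
class Draft:
    recipients: list[str]
    body: str
    attachments: list[str] = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike addresses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_recipients(recipients, contacts, max_distance: int = 2):
    """Return (typed, known) pairs where a typed address nearly matches a known one."""
    hits = []
    for typed in recipients:
        if typed in contacts:
            continue
        for known in contacts:
            if edit_distance(typed.lower(), known.lower()) <= max_distance:
                hits.append((typed, known))
    return hits


def is_external(address: str) -> bool:
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def sensitive_findings(body: str) -> list[str]:
    """Names of the patterns that match somewhere in the plaintext body."""
    return sorted(name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(body))


def review_draft(draft: Draft) -> dict:
    """Decide whether a draft may be sent as-is; 'block' means hold it for review."""
    findings = sensitive_findings(draft.body)
    external = [r for r in draft.recipients if is_external(r)]
    unencrypted = [a for a in draft.attachments
                   if not a.lower().endswith(ENCRYPTED_SUFFIXES)]
    warnings = []
    for typed, known in lookalike_recipients(draft.recipients, KNOWN_CONTACTS):
        warnings.append(f"recipient {typed!r} looks like {known!r}; confirm before sending")
    if external and findings:
        warnings.append(f"sensitive content ({', '.join(findings)}) in plaintext body "
                        f"to external recipient(s) {external}")
    if external and unencrypted:
        warnings.append(f"unencrypted attachment(s) {unencrypted} to external recipient(s)")
    block = bool(external and (findings or unencrypted))
    return {"block": block, "warnings": warnings, "findings": findings, "external": external}


if __name__ == "__main__":
    # Constructed draft reproducing the post's scenario: a referral with a name
    # and address, addressed to a mistyped version of a real external contact.
    draft = Draft(
        recipients=["referals@example-hospital.test"],
        body="Patient John Doe, 12 High St, SW1A 1AA. Referral for procedure.",
    )
    for line in review_draft(draft)["warnings"]:
        print("WARNING:", line)
```

The check is deliberately conservative: anything sensitive going to an address outside the organisation is held unless it travels in an encrypted attachment, and a near-miss against the contact directory is always surfaced so the sender confirms the recipient rather than trusting auto-fill.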
So, what can be done to prevent future data leaks from occurring in the healthcare industry (or any other industry)? Frankly, there are many ways that an organisation can protect itself and there is no ‘one size fits all’ approach; however, the answer for you may be cheaper and simpler than you think, with options such as encryption, secure e-mail services, password protection and secure file sharing applications being just some of the answers. It's important to note that the best approach will depend on the specific needs of your organisation and the type of data you are sending.
To help organisations through the tricky game of data protection, Marbral Advisory offers The GDPR Do It Yourself Playbook, a step-by-step guide to GDPR compliance. It includes a five-module series which, when carried out in sequence, walks you through the things that you need to consider, and produce, in order to comply with the GDPR, plus four hours of dedicated support from a GDPR practitioner. It’s the perfect solution for those who need to design their business model with privacy in mind. We also offer more comprehensive training programmes and consultancy to help organisations, their teams, and their employees ensure their processes, procedures and policies are up to date.
For further guidance or business support, get in touch: hello@marbraladvisory.com