Tips for Avoiding Data Breaches

01st May 2020

During the Coronavirus (COVID-19) pandemic, the DPC knows you might need to share or collect information quickly to adapt to the demanding circumstances we all face and to maintain normal functions as far as possible. One of the heightened risks at this time is that you might suffer a ‘data breach’, which leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.

Whether you are an organisation whose employees are working remotely, a school or college adapting to online education, or any organisation that needs to develop new ways of staying in touch with people during these unprecedented times, below are some tips to help you keep personal data safe and avoid data breaches:

  • Before using the many freely available social media platforms and apps, carry out a security check and ensure that security settings you are using are up to date and share only personal data that you wish to share.
  • When creating new forms within your existing document management system, continue to use all the necessary security measures to ensure that personal data is kept safe and not shared unintentionally.
  • When using templates to collect personal data, always ensure that a blank template is issued at all times.
  • Use complex passwords that are different on all platforms, using a password manager to assist you.
  • Continue to use common sense and make sure that you are taking care of things like people’s names and addresses. Take particular care for more sensitive data, such as information about persons’ health, political or trade union affiliation, or religion.
  • Remember that working from home can place us in a different mental space from our usual workplaces. Remind home workers that procedures such as double-checking addresses and attachments, and using the BCC function for group emails, are just as important when working at home as in the office.
  • Home workers dealing with personal data for which their organisations are responsible must remember to maintain privacy. Work files, email and databases should not be used where visible to family members or housemates, or left open and unattended. Work computers such as laptops should never be used by family members or for non-work purposes.
  • Many essential businesses, for example, pharmacies and medical practices, have had to make physical alterations to premises such as temporary reception desks and workspaces. Remember to take account of privacy when making these arrangements so that people can speak privately and other people’s records are not visible to members of the public.

For more information on the obligation to notify the DPC of data breaches, see our Quick Guide to Data Breaches. We have also developed guidance on data protection when taking steps to mitigate COVID-19, on how to protect personal data when working remotely, on handling access requests, and some tips for video-conferencing.