Ten legal tips for data security
Online and digital platforms are an inherent part of doing business in the modern world, but they can also be an unexpected source of vulnerability.
Our increasing reliance on internet-connected devices has been accompanied by the development of a new set of cyber threats, which account for nearly a third of all crimes in England & Wales.
We cannot stress enough the importance of being prepared for a potential hack to lessen the risk of theft of data and ongoing damage to the business.
We have drafted some legal tips to help businesses mitigate the risk of a breach of data security:
- Have a data security policy for your staff
- Have an IT, email and social media policy for your staff
- Communicate these and train your staff on them
- Include protection for confidential information in your employment contracts
- Check your commercial contracts – What data security obligations do you have to others that you deal with? What obligations do you place on others that you deal with?
- Conduct an audit of data security risks
- Consider your policy on notification should there be a data security breach
- Have a plan for reacting to serious incidents
- Cyber is important, but don’t forget ‘analogue’ risks e.g. losing portable drives or paper files, disclosing information over the phone, failing to redact information, or simply misdirecting an email
- Call your lawyer for help with any of the above!
Our experienced lawyers are well-known in the area for their expertise and providing ‘solutions-focused’ advice. If you would like help with developing, drafting or amending policies, or training staff on company policies and best practice, please do not hesitate to contact us.
Don’t forget that if you introduce any new software, technology or processes you are required under GDPR to carry out a data protection impact assessment in order to identify if it presents a high risk to data subjects.
Disclaimer: Please note that this fact sheet is for guidance only and is not intended to replace legal advice.