Following my blog post last week about the Blackbaud hack, it seems that some UK, US and Canadian universities have had data stolen relating to students and alumni. You can read the BBC report, but there are a few things that we can all learn from this:
- If a data breach is reportable, you only have 72 hours to report it to the ICO, and the contract with any processor should state that they must help you to do that. The easiest place to start is the ICO website, where you will find an online self-assessment to help you decide if it’s reportable (to the ICO and/or your data subjects) and a link to report it if you need to.
- We all need to be ready for when a breach occurs, and so you need to have your policies and procedures in place, and I recommend that you test them every so often.
- You can minimise the risk of a data breach in a number of ways, and these are flagged up in a Data Protection review, so do ask me for more information if you would like the reassurance.
- Make sure that all devices which hold personal data are encrypted, and that you never send personal data via email (there are much better and more secure ways).