Don’t leave personal data unattended

information unattended

Human error is the leading cause of data breaches. In response, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff. At Hayes Connor Solicitors, we’re sharing some of the tips included in this toolkit. In doing this we aim to raise awareness of the importance of this issue. And help organisations across the UK improve their data protection processes. This is crucial to keeping the personal data they use safe.

Tip: All information you work with has value. Think before leaving it unattended


The risk of leaving personal data unattended

Confidential information can be compromised even when it is kept in offices. For example, printouts in output trays can be viewed, mishandled, or stolen. Unattended computers also pose a significant a threat. Because, if someone else sits at your desk, they could access data that they are not authorised to see.

For example, in a recent case, we saw the impact of what can happen when a woman’s sister-in-law (an NHS worker) accessed the NHS system and shared personal details about our client with the rest of her family.

The importance of a Clear Desk & Screen policy

Employers must understand the importance of data protection. Strict policies and procedures also help to process information safely. This includes establishing a ‘Clear Desk and Screen’ policy. This policy should cover things like:

  • Locking paper records containing confidential, personal or sensitive data at the end of each day. Or a workstation if it will be unattended for more than a short time
  • Making sure that you shut down your computer at the end of the working day
  • Locking laptops and other portable devices in a secure location at the end of each day
  • Locking your screen when you leave your computer unattended
  • Automatic screensavers after 10 minutes of inactivity
  • Shredding hardcopy documents containing personal data
  • Not disposing of paper records containing personal data in general waste or recycling bins
  • Not writing down passwords or other restricted account information
  • Locking away removable media when not in use. Or prohibiting the use of removable media
  • Removing documents containing personal data immediately from printers
  • Keeping the keys to locked filing cabinets or drawers in a secure location
  • Not leaving confidential information on desks, in shared conference facilities or meeting rooms
  • Removing all personal information from flipcharts and wiping down whiteboards
  • Securing office areas when not in use
  • Adhering to mobile device guidance when out of the office
  • Deleting any data from the recycle bin of any communal computers that you use

Other quick tips to keep personal data safe

  • When staff abide by the data protection principles of their businesses, data breaches can be avoided. But it is up to employers to make sure that all staff receive regular data protection training. This is vital to make sure they understand the potential consequences of breaching data protection laws
  • Organisations must do more to protect personal information. For example, by designing systems that only allow the relevant people to have access
  • Every staff member accessing personal records should provide a reason for doing so.

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses.  Or give us a call to discuss your case in more depth.