… lessons for us all! 👩🏫
“Show me a person who has never made a mistake and I’ll show you someone who has never achieved much.”
This quote from Dame Joan Collins is so true.
If you’re trying something new, you’re bound to make mistakes.
The problem is not making the mistakes in the first place; it’s not learning from them.
And learning from someone else’s is even better!
The ICO knows this and the previously secret reprimands it issues are now public.
An organisation will receive a reprimand when the ICO has found breaches of data protection, but they aren’t serious enough for formal enforcement action.
To help us, the ICO recently reported on reprimands issued between March and June this year, with 3 lessons from the mistakes of others, which makes for interesting reading.
🛡️ Lesson 1: protect data
A combination of a lack of policies and staff training can lead to personal data being disclosed when it shouldn’t.
There was one case that seemed more serious to me and should’ve got, in my view, more than a rap over the knuckles. 14 bags full of confidential waste documents, including medical and security details, were left sitting in an unsecured prison area for 18 days. Some of the prisoners were openly reading the stuff, but the staff did nothing more than just tell them to stop!
⏳ Lesson 2: respond to Subject Access Requests on time.
Two councils, Norfolk County Council and Plymouth City Council received reprimands for failing to respond within the month. Norfolk managed to respond to just over half on time, while Plymouth could only get 45% done, and 18 requests took up to 2 years to complete!
🚀 Lesson 3: think about data protection from day one.
When coming up with new products and services or using new tools that involve personal data, always think about how you’re going to protect it from the start. Two police forces introduced an app that recorded phone calls and captured personal data, completely forgetting the data protection implications.
The report may not be the most engaging reading I’ve done, but they do bring up some interesting, and at times worrying, examples of people’s attitudes to personal data.