Last year, we posted a short article (Just Names and Addresses) pointing out the importance of protecting all personal data even if you do not consider it to be of value. We find that not everyone views the loss of names and contact details as a serious data breach. But I would imagine most of us pricked up our ears at the news of the Cabinet Office data breach of names and addresses of those on the New Year’s Honours list.
On the list were people whose details are already in the public domain. A charity worker admitted he was not too worried as his details were already on the charity website. Iain Duncan-Smith was not concerned on his own behalf – many people already know almost everything about him. But he did point out that this does not mean that other people on that list should not mind either. The disclosure included the data of private citizens who rely on anonymity to do their job effectively or to keep them safe: MoD employees, senior police officers and senior counter-terrorism officers. Many prominent public figures were also on the list – for example, Elton John and Ben Stokes = who go to great lengths to try to maintain their privacy. Clearly for them their personal security has been put at risk.
Not everyone has a relaxed attitude to publication of personal contact details: politicians are calling for a public inquiry; the former Head of the Civil Service described the breach as “serious and indeed extraordinary”. He particularly highlighted the need to find out “how well staff were trained about the importance of maintaining security”. The consequences of this data breach will be significant. Individuals will be able to sue if they feel their safety has been compromised by the security breach or simply for loss of privacy.
So if you or your staff handle personal data of clients, employees or just “members of the public”, remember to follow the data protection principles and keep it secure. Remember, staff training is a basic requirement under GDPR.
Joy Higham, Data Protection Practitioner