How to Handle Data Breaches

Every week we’re working with clients on areas that include their data governance, and how they are looking after their data. One hot topic is about when it goes wrong (which it will at some point!).

For example, how would you handle someone outside your organisation getting in touch with you to report an issue with how you’re managing your data?

Over the last wee while, we’ve had a few scenarios in everyday tasks that have led us to contact businesses about how they were handling our – and others’ – data, and there were distinctly different outcomes with some.

With the following examples, one dealt with the situation really well and in a way that we felt very confident in their handling of our data. The other one resulted in us reporting them to the Information Commissioner’s Office (ICO).

The difference between them was quite clear – the success came from having a clearly defined process, which people knew and for which somebody took responsibility.

1. Over-enthusiastic marketing: In one instance, a local organisation made frequent contact via phone and email. Despite polite requests to stop, they persisted. We were able to send a formal removal request to the Data Privacy contact listed on their website. They responded quickly, providing time estimates, and kept us informed throughout of actions and next steps. Within a few days, our data was removed and we’ve heard nothing from them since. Just what we wanted!

2. Poor data security: The second instance occurred when we discovered a data breach on a website. We unknowingly accessed files we shouldn’t have been able to get to had the site been correctly designed & implemented. The minute we realised what we had tripped over we attempted to contact through a general contact email but received no response. Although the issue was resolved later (we went and looked!) , the lack of a proper response resulted in them being reported to the ICO and us having a very poor opinion of what they might do with our data.

Managing your data well requires many skillsets across multiple areas of your business. All of the scenarios above had different causes and different solutions. Having staff who were aware, were trained and understood their part of the process and how to achieve a successful outcome was key.

The reputation of your business could be severely affected by neglecting to implement a relatively straightforward set of processes. They may not stop a problem (so many more posts needed to cover potential ways to do that!) but they can help you manage it in the right way.

It’s a reminder that data management is not just a legal requirement but an opportunity to build trust and protect data effectively.
Uncertain of how well you’re taking care of your data? Get in touch with us here at effini to find out about which of our data governance programmes would fit you best.
Published by:
Effini Digital