Email continues to be one of our biggest security threats in terms of personal data breaches under the UK GDPR. With this in mind, and in view of the volume of email usage at MVDC, we thought it would be helpful to remind all staff of the need to be vigilant. Here are some things you can do to protect against a breach of data protection:
- Set a 1 or 2 minute delay for sending emails. Allowing an email to sit in your outbox for a few minutes gives you a chance to recall it if necessary. Here’s how: Delay or schedule sending email messages
- Remember to BCC group recipients with private email addresses.
- Always confirm the “Safesend” email address is the correct one for the person you are intending to send external emails to. It is vital this does not become an automatic process and you recognise that it is your responsibility to avert potential disasters. Do not let Safesend become an automatic click! Think, look and hover before you click!!!
- As above, Safesend is for external email recipients, but there have been serious internal breaches too. Think, look and hover before you click!!!
- Always confirm email attachments are correct – have strong naming conventions in place, and if in doubt open the attachment before sending to check it is the correct one and does not inadvertently contain personal data that should not be being sent.
And while we’re here….
We have also had a spike in Subject Access Requests over the last few weeks. This highlights the importance of understanding what constitutes personal data and where it is stored.
All recorded information counts including handwritten notes, notes made on internal systems such as GovService (Firmstep) and Capita, Emails, Teams Chats and anything held on work mobile phones.
Please be careful what information you record about people, stick to facts rather than opinion and remember anything you write about someone could be seen by them.