ICO report on data breaches

We know from talking to you all that keeping your data safe is a big issue.

You may have seen that the Information Commissioner’s Office has had six times more data breaches reported by charities in the first quarter of 2018 than for the same time the previous year. A large part of this rise will be down to the new data protection regulations which have been introduced. If you’re interested in the detail of their findings, you can download the data from their website here. It shows that the highest incidence of data breaches happens through phishing attacks. The best defence against phishing is staff awareness, so it’s worth considering training all staff on this if you’ve not done so.

The second highest incidence of data breaches is by unauthorised access, so when you’re thinking about the security of your Lamplight database don’t forget to remove database operator access to your system from staff and volunteers who no longer work for you. Deleting them from the database operators’ table will mean that they can’t log in to Lamplight, but all the records that you have for them will remain intact.  You may want to make sure you have this as part of your leavers process, or schedule in a regular review of operators.

For support with data security more generally you may find the National Cyber Security Centre’s resources for small charities useful. They also provide a handy one-page reminder that can be downloaded. There is also an interesting report (if you’re so minded!) on ICO information risk reviews at eight charities, which you can find here.