The Name’s Protection... Data Protection

Whilst watching Daniel Craig’s final outing as James Bond, my mind wandered as I reflected on the distinct parallels between our chosen professions.  The game’s Protection, Data Protection.

I’ve lost count of the number of times I’ve had to infiltrate a hollowed-out volcano lair whilst simultaneously dealing with Subject Access Requests with time fuses set to 1 month and data breaches with even shorter fuses of 72 hours for ICO notification.

Recently I was given a top-secret assignment to visit a building on the banks of the River Thames.  Unfortunately, no, it wasn’t that building. 

M had advised that I was to attend the PrivSec - New Normal conference at Riverbank Plaza in London.  Reader, you have been granted top-level clearance to hear of what unfolded.

The PrivSec series of events focuses on privacy and security issues.  This particular conference was an opportunity to reflect on the challenges which data protection, privacy and security professionals have experienced over the last 24 months, particularly with an enforced work-from-home regime combined with a mainly unplanned acceleration of digital transformation.

Representation was diverse across a range of industries such as retail, manufacturing and education.  Looking around, I wasn’t able to spot any other international secret agents, but come to think of it, they were probably in disguise like myself.

Just as we’re coming to terms with life under GDPR, data protection reforms are on the horizon.  A consultation for reforms closed last year.  There are a few interesting elements such as the proposal to remove record-keeping requirements under Article 30.  Essentially this refers to the document which many of our schools recognise as the Information Asset Register (IAR).

Another headline-grabbing change is the proposal to remove the requirement to designate a data protection officer. Yes, you read that right. Clearly, those writing the proposals haven’t attended the extraordinarily popular Brunch & Discuss. It remains to be seen what the practical impact of the measures would be for our schools, but rest assured that we’ll bring you all of the relevant information in plain English, leaving you free to focus on what you do best.

A guest speaker recounted the tale of the Scottish employee who fell victim to a whaling attack (think phishing, but with a bigger catch) and was sued by their employer after payments totalling £200k were made to scammers. Fortunately for the employee, the judgement ruled in her favour, but the case does highlight the very real danger of online scams. We don’t all need to have access to someone with Q’s level of technical expertise, but extra vigilance when receiving emails and making payments to new accounts will help to safeguard your school.

Other points of interest which we’ll be addressing in the forthcoming Brunch & Discuss sessions include:

  • Social Media Policy - We’ll provide a template for our schools to customise
  • Employee Monitoring - How effective monitoring can comply with data protection
  • COVID Data - Avoiding issues with processing of sensitive data

To conclude, I’m pleased to report that whilst we do need to keep abreast of developments in data protection, thanks to regular updates and health checks, our schools have no reason to feel shaken or stirred.

Sat Singh
Data Compliance Team