The Name’s Protection… Data Protection

Whilst watching Daniel Craig’s final outing as James Bond, my mind wandered as I reflected on the distinct parallels between our chosen professions. The game’s Protection, Data Protection.

I’ve lost count of the number of times I’ve had to infiltrate a hollowed-out volcano lair whilst simultaneously dealing with Subject Access Requests with time fuses set to 1 month and data breaches with even shorter fuses of 72hrs for ICO notification.

Recently I was given a top-secret assignment to visit a building on the banks of the River Thames. Unfortunately, no, it wasn’t that building.

M had advised that I was to attend the PrivSec - New Normal conference at Riverbank Plaza in London. Reader, you have been granted top-level clearance to hear of what unfolded.

The PrivSec series of events focus on privacy and security issues. This particular conference was an opportunity to reflect on the challenges which data protection, privacy and security professionals have experienced over the last 24 months, particularly with an enforced work from home regime combined with a mainly unplanned acceleration of digital transformation.

Representation was diverse across a range of industries such as retail, manufacturing and education. Looking around, I wasn’t able to spot any other international secret agents, but come to think of it, they were probably in disguise like myself.

Just as we’re coming to terms with life under GDPR, data protection reforms are on the horizon. A consultation for reforms closed last year. There are a few interesting elements such as the proposal to remove record-keeping requirements under Article 30. Essentially this refers to the document which many of our schools recognise as the Information Asset Register (IAR).

Another headline-grabbing change is the proposal to remove the requirement to designate a data protection officer. Yes, you read that right. Clearly, those writing the proposals haven’t attended the extraordinarily popular Brunch & Discuss. It remains to be seen what the practical impact of the measures would be for our schools but rest assured that we’ll bring you all of the relevant information in plain English leaving you free to focus on what you do best.

A guest speaker recounted the tale of the Scottish employee who fell victim to a whaling attack (think phishing, but with a bigger catch) who was sued by their employer after payments totalling £200k were made to scammers. Fortunately for the employee, the judgement ruled in her favour but the case does highlight the very real danger of online scams. We don’t all need to have access to someone with Q’s level of technical expertise, but extra vigilance when receiving emails and making payments to new accounts will help to safeguard your school.

Other points of interest which we’ll be addressing in the forthcoming Brunch & Discuss sessions include:

Social Media Policy - We’ll provide a template for our schools to customise
Employee Monitoring - How effective monitoring can comply with data protection
COVID Data - Avoiding issues with processing of sensitive data

To conclude, I’m pleased to report that whilst we do need to keep abreast of developments in data protection, thanks to regular updates and health checks, our schools have no reason to feel shaken or stirred.

Sat Singh
Data Compliance Team

Cookie	Duration	Description
ARRAffinity		This cookie is set by websites that run on Windows Azure cloud platform. The cookie is used to affinitize a client to an instance of an Azure Web App.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_129094303_2	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.

Cookie	Duration	Description
ARRAffinitySameSite	session	No description available.
WFESessionId	session	No description available.

Journal

Journal

The Name’s Protection... Data Protection

You might also like

JOIN OUR COMMUNITY

Our Partnerships

Our Partnerships

Airthings

NPW-LGfL recognised support

Citation