DATA OFFICE ADVISE CAUTION WHEN REMOTE WORKING
The continuous need to be vigilant with our data
Working remotely creates more risk for us as an organisation. Where data handling is concerned, the need to be extra careful in how we manage data is greater than ever. We must continue to follow our data protection rules as outlined in the Data Management Policy Notes Link. If we do this we should not have any problems. The following is a reminder of what we can/cannot/should do:
1. Sending confidential data to personal emails
To ensure that all data is kept safe, do not send confidential data to personal email accounts. Only use CSO/section emails. Under Data Management Policy rules, the outward electronic transfer of A (A1, A2, A3) data is not permitted. The rules for classification B, C and D data are set out on page 76 of the Data Management Policy. In brief, it states that it may be necessary to email data but the access controls established by the Data Owner must be adhered to. If in doubt, do not send. Check with your manager.
2. Avoiding sending work emails and their attachments to the wrong person
Errors in sending emails happen more often than we would like. Mistakes are easy to make, and when things go wrong, a statistical or personal data breach has almost certainly occurred.
Simple errors, such as sending to the wrong person, retaining an unrelated email thread at the bottom of a message, or including the wrong attachment, may often seem trivial but they can have serious consequences: for the people whose personal data has been inadvertently disclosed, for the sender, and for the CSO as a whole.
So before sending that email THINK ABOUT:
• Ask yourself, is email the most appropriate way to share this personal information? It might be the quickest, but is it the safest?
• Consider whether you have the right to share the information, whether it needs to be seen by all recipients, and remember that email is not considered a secure means of communication unless further steps are taken to protect message contents. Look at the IT security and best practices set out on the Lotus Notes Home Page for guidance.
• If you really need to send the email, check to whom you're sending it, proofread your message, and double check the attachment(s). And then check again.
• Be careful not to include too much information. Forwarding an email thread to someone new? Check if the previous messages contain personal or statistical information the new recipient isn't entitled to see.
• Sending an attachment? Make sure you send as little data as possible and anonymise and/or encrypt as necessary.
• Consider whether all recipients really need to know who else your email has been sent to. If you're sending a message to a number of unconnected people, or it contains personal information, you may need to hide the recipients; using BCC rather than To or CC is better.
• Avoid reusing old emails as templates - it's all too easy to retain the original personal or statistical data when sending on to someone else. Preferably create a new template.
When you are in a rush, it's easy to fire off emails. Mistakes occur when the sender is distracted, multi-tasking, or working to a tight deadline.
So Always, Always, Always take 5 seconds to make a final check of the To, CC and BCC lines.
3. If you discover or suspect that a data breach has occurred
If you suspect or discover that a data breach has occurred, please let the Data Office know as soon as possible. The procedures as outlined in the Data Management Policy continue to apply. The breach should be logged on the Data Office Helpdesk. A report will need to be completed. See Notes Link for the form. This can be attached to the notification. You can also contact the following Data Office Staff directly for advice:
Contact:
email Dataoffice@cso.ie
4. Finally and most importantly stay safe everyone
Regards
Data Office