With the global pandemic forcing the majority of the workforce to work from home indefinitely, data breaches and data security have been at the forefront of business concerns.
Richard Forrest is a Legal Director at a UK-based data breach claims solicitors, Hayes Connor. He has represented clients in some of the most complex and high-value data breach cases, including Dixons Carphone, British Airways, and Ticketmaster. He also manages the Hayes Connor team on a day-to-day basis, focusing on identity theft, phishing, hacking, fraud, copyright infringements, cyber extortion, and online harassment.
Here, he explores a recent data breach survey, commissioned by Hayes Connor solicitors, detailing how businesses can protect sensitive data in 2021.
Data breaches have increasingly become a cause for concern for businesses in a wide variety of sectors over the past decade. 2020 presented additional unique challenges, brought on by the need to quickly convert entire workforces to remote working during lockdown.
A study of UK office workers, commissioned by data breach claims experts Hayes Connor, investigated what steps companies took to help protect against data breach risks during the height of the COVID-19 pandemic in 2020. It exposed the lack of adherence to data protection obligations, and we want to explore this further.
Hayes Connor Data Breach 2020 Survey Key Stats
The survey presented a number of interesting statistics regarding data breaches in the UK in 2020. It found that:
- 1 in 5 employees had received no data protection guidelines while working from home during lockdown.
- 1 in 5 had received no training for handling company data, GDPR or cybersecurity.
- 1 in 4 companies are not using encrypted email software.
- 2 in 3 companies are failing to get both password protection and encryption security policies in place.
- 2 in 3 employees who printed documents at home admitted to putting these documents in the bins both in and outside their house.
Richard Forrest, Legal Director at Hayes Connor, commented on the trends from the survey results, saying: “The stats confirm a worryingly high number of employees haven’t received data protection guidelines or aren’t sure if they have or not. Human error is the leading cause of data breaches so companies not doing enough to inform their staff of what they need to be doing to protect sensitive data is shocking.”
Christine Sabino, also Legal Director at the firm, added to this: “Whilst the lockdown may have caught companies off-guard, data protection is never something companies should take lightly. The organisations that did not react at all or even those that did not react fast enough to the change to home working have really let down the people’s whose data they hold.”
The Consequences of a Data Breach Are Severe
Ultimately, companies have a wide range of legal obligations regarding data security, and the consequences of a breach could be severe. If they fail to uphold these responsibilities, and it’s found that the issue was caused by human error, outdated processes, or weak cybersecurity, then they will likely face hefty repercussions.
The Information Commissioner’s Office (ICO) will often take swift action, assessing the causes of the breach and the company’s response. They’ll then decide on the severity of the subsequent penalty on the business.
Not only this, but reputational damage associated with a data breach is sure to follow. Also, individuals affected by a data breach may also be in line to claim compensation for damages.
If employers are not able to get their employees up to speed with the correct practices regarding data security, it’s likely that the issues highlighted in the survey will persist throughout 2021. This will put companies, as well as their employees, customers and clients, at an increased risk of suffering a damaging data breach.
Regulatory Advice for Finance Companies to Avoid Data Breaches
It is evident, then, that employers need to take every possible step to reduce the potential for data breaches occurring while employees continue to work from home. Starting with regular training on the intricacies of GDPR and cybersecurity will help to reduce the human error risks.
However, training sessions can only achieve so much. That’s why it’s important that companies, particularly those who handle delicate financial information, invest in regulatory solutions to help prevent the risk of data breaches.
Keeping on top of the various legal obligations regarding data privacy can become challenging, which only adds to the complexity of financial relationships. Regtech is one such regulatory solution companies in the financial industry can turn to.
Regtech is a community of tech companies that solve issues related to data breaches and other fraudulent digital activity. It works by using automated processes and machine learning to monitor and report transactions that take place online in real-time.
This helps to identify any issues or irregularities that occur in the digital sphere, which ultimately helps to minimise the risk and costs that are commonly associated with any lost funds resulting from a data breach.
As indicated in the survey, it’s clear to see that not enough is currently being done to ensure that data security is handled in the right way. With lockdown measures set to continue for much of 2021, in some form or another, it’s more important than ever that companies work proactively to prevent the risk of falling foul to an otherwise avoidable incident.