Cyber Security Alert - Data Protection Update
The NCSC has issued an alert to the academic sector following a spate of online attacks against UK schools, colleges and universities.
Ransomware attacks typically involve the encryption of an organisation’s data by cyber criminals, who then demand money in exchange for its recovery. The NCSC dealt with several ransomware attacks against education establishments in August, which caused varying levels of disruption, depending on the level of security establishments had in place.
The NCSC have created a number of resources to help staff and organisations keep safe online. Practical tips for everyone working in education includes guidance about choosing a password, phishing and working from home. For more details about the cyber security alert see the full report here: https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academia
Our expert data protection team is available to advise on implementing appropriate policies and procedures, as well as providing in house training. If you have experienced a data breach we have specialists on hand to advise on notifications and negotiations with the ICO.
ICO Publishes Guidance for Test and Trace
The Information Commissioner’s Office has published guidance for organisations mandated to collect customer and visitor information for Covid-19 tracking purposes.
It is now mandatory for all businesses in the hospitality, leisure and tourism sectors and those providing 'close contact' services (such as hairdressers and tattoo artists), in England, to collect certain customer information for the test and trace programme. These rules will affect retail and catering outlets on University campuses.
The ICO guidance encourages organisations to follow five simple steps to ensure that they handle this information responsibly, including only asking people for the specific information that has been set out in government guidance; being clear, open and honest with people about what is being done with their personal information; and keeping people’s data secure. Click here for the full guidance.
However, if in addition to sharing data with the NHS test and trace programme, these businesses are also required to share data with the University, you must ensure that appropriate data sharing agreements are in place and that their privacy notices for staff, customers and visitors are up to date and cover sharing personal data for this purpose.
If you would like to discuss how these rules affect your institution, please contact Andrew Gallie on 07467 220831 in our Data Protection team, or fill out the form below.