A recent prosecution by the Information Commissioner’s Office (ICO) highlights the importance of workers keeping log-in details private. UK employers should reiterate this to their staff and reassess their security policies.
A former employee of an accident repair company has breached the Computer Misuse Act 1990 by using — without permission — his colleagues’ log-in details to access Audatex, a vehicle repair valuation software system. The software contained customer information. The individual pleaded guilty to securing unauthorised access to personal data and was sentenced to six months in prison.
Sharing log-in details is not uncommon among staff. However, employers should be vigilant in discouraging this. If a staff member misuses log-in details, you risk, at the softer end, accidental deletion of data and, at the sharper end, breach of the new GDPR (with its crippling possible fines). Either of these will also likely result in serious reputational damage and loss of customers.
So, what can you do?
You should ensure that each staff member has a personal log-in that is terminated once they leave the company. You should also impress on new joiners, both as part of the onboarding process and in the Staff Handbook, the importance of data security and keeping log-ins private.
It is also crucial that your company complies with the new GDPR and other data protection rules in properly storing personal data.
This might include reviewing your approach to data retention time-limits, encryption, and data protection impact assessments.
Sparqa can help you tackle these problems.
Visit www.sparqa.com for further advice on proper data management and the practical matters to consider when a staff member joins or leaves your company.