With data protection regulations evolving worldwide and the Brexit transition period ending in less than five months – impacting both the GDPR and DPA – now is the time for organisations to future-proof their communication security. Doing so will not only ensure continuous data privacy compliance, it will also help to avoid financial penalties through non-compliance, dissatisfied customers (leading to possible customer churn) and damaged reputation.
A critical early step is to reduce, if not eliminate, the use of faxes and paper communications. Especially within highly regulated sectors such as healthcare, government, legal and insurance, where letters and fax machines are still often relied upon.
Recently in the Netherlands, for example, there was an emergency ordinance issued that all law firms and bailiffs are now obliged to use secure email for communication, instead of faxes and letters, for at least the duration of the Coronavirus pandemic. This development reflects the enforced shift to working from home, where most people do not have a fax machine. Secure email is a fast deployment alternative to faxes and postal mail, enabling the safe transfer and exchange of personal information within digitally signed, legally binding documents. Since the new ruling’s introduction, more than 10,000 legal professionals have started using ZIVVER’s secure digital communications platform to comply.
Another Dutch initiative is the expansion of privacy standards alongside the EU’s existing General Data Protection Regulation. The newly introduced NTA 7516 is a good case in point. Impacting healthcare and municipal institutions that need to email data or transfer files securely, this standard outlines several measures to ensure privacy-sensitive, health-related information can be safely exchanged, digitally.
The NTA 7516 only applies to the Netherlands, but more countries – including the UK – will eventually introduce new data protection standards, some of which are also likely to be industry specific. The reason for this is that the legal sector, for example, works with vastly different information compared to, say, the healthcare sector. Each has its own set of specific data needs, thereby necessitating bespoke industry standards.
From our experience of these initiatives, we have already seen that establishing new standards can help organisations transform how they interact with their contacts, while also creating new opportunities and cost savings potential. All of which are essential for success and longevity, especially in these uncertain economic times.
Turning back to current regulations for a moment, organisations of all types and sizes have an equal level of responsibility when it comes to handling peoples’ personal data. To comply with the GDPR, for example, and sufficiently protect people’s privacy (wherever personal data is stored), it is necessary for organisations to take additional measures to protect the information. One such measure is using advanced encryption techniques that make it impossible for third-party data processors to decipher messages and attachments. This is in accordance with the GDPR’s principle of ‘privacy by design’.
Prevention of human error data leaks is another critical requirement in the safeguarding of citizens’ personal information. Showing the extent of this problem, the UK Information Commissioner’s Office (ICO) stated in its data security incident trends report there were 2629 incidents reported to it in Q4 2019, of which 337 were due to “data emailed to incorrect recipient,” 265 were due to “data posted or faxed to incorrect recipient” and 213 due to “loss/theft of paperwork or data left in insecure location.”
Such mistakes indicate that communication security can only be achieved if there are rigorous checks in place before information is sent out. Methods to help employees minimise errors include raising security awareness, via job-specific training, and the provision of easy to use digital tools to help staff avoid emailing information to the wrong person. Real-time data classification and recipient contextualisation are fundamental requirements of these tools, which also need to function seamlessly with workers’ usual email environments – such as Outlook or Gmail – to ensure widespread uptake. After all, changing the behaviour of employees is one of the hardest things to do!
Switching to digital communication only – incorporating secure email and file transfer technology – would significantly improve the security and speed of communication for organisations, while also cutting costs. Following this digital transformation path would, at the same time, help to future-proof data privacy compliance, as regulations continue to evolve across the globe.
Contributed by Rick Goud, CEO & Founder, ZIVVER