“Many years ago, when I worked in-house at a housing association, an executive director emailed me about a news story and asked me the question “this couldn’t happen here, could it?”
A housing association had suffered a large data breach.
I’ll tell you how I answered later on.
How do you feel when you read about housing associations having data breaches? Hopeful it couldn’t happen in your organisation? Or fearful that it could?
Maybe you’re not sure what the risks linked to a data breach actually are, especially now that the multi-million-pound GDPR fines we were warned about have been few and far between in the UK.
It could feel like the pressure is off.
On the other hand, it appears that ransomware attacks are on the rise in all sectors, and if you Google “housing association data breach” in particular, the first few results include phrases like:
- “Could you be entitled to up to £5,000 data breach compensation?”; and
- “Your data breach could be worth thousands.”
So even without the threat of GDPR fines, a data breach could still cost your organisation many thousands of pounds to respond to. Not just paying out on ransoms or compensation, but also all the time spent dealing with the incident, and the effects on your customer relationships and colleague morale.
All of this before you even consider the potential, and very real, harm that could be caused, including risk of fraud, scams, harassment, and the worry and stress that goes along with those problems.
Unfortunately, there’s no easy fix that will help you sleep at night, knowing you won’t have a data breach. But there are steps you can take to reduce and control the risk of it happening. And most importantly for that peaceful sleep, with the right processes in place you will have robust assurance that the risks have been reduced.
Taken together, those processes can be described as a Data Protection Governance framework, and should include:
- Purpose identification – identifying your overarching purpose so you can assess data management in terms of the risks and benefits it presents, with reference to that purpose.
- Data roles and responsibilities.
- Stakeholder engagement and communication.
- Risk management.
- Guidance for data handling.
- Monitoring, reporting and continuous improvement.
Our new Programme provides you with the ready-made tools, templates and strategies you need to build an effective Data Protection Governance framework, so you don’t need to reinvent the wheel.
We call it the Data & Purpose Alignment Programme because it is designed to help make sure the way you handle data is aligned with the achievement of your social purpose as a social housing provider. The added bonus is that the framework can be applied to any data types, not just customer data.
And the answer I gave that director all those years ago?
Yes, it could definitely happen here! We’ve been lucky so far that we’ve not had a similar data breach, and we should continue to improve our data protection processes to strengthen our defences.”
Author: Clare Paterson, CP Data Protection director
Clare draws on over 20 years of experience in risk management and quality assurance, including ten years in data protection, to provide clear and practical advice and training.
Don’t tell everyone (shh!) but Clare’s favourite sector is social housing, having worked in a large housing association for 12 years, although she loves to support all values-led organisations.