Data security has always been important. In fact, it is more important today than it has ever been, as we live in an increasingly data- and digitally driven world. This has introduced some new and interesting challenges but may also deliver benefits which have a positive impact on you, others or your organisation. For example, sharing data can help make life easier, more convenient and connected when you have not had time to shop and need to order your groceries online.
Technology and systems must be designed with privacy and security in mind to ensure the safe and effective use of information that does not pose unacceptable risk to our business or the people in our care.
Poor data protection, information management and security can cause personal, social and reputational damage. You could potentially be held personally accountable for a major breach and be faced with disciplinary action as a result.
What are personal data breaches?
Personal data breaches can include:
Unauthorised access by a third party
Deliberate or accidental action (or inaction) by a controller or processor
Sending personal data to an incorrect recipient
Computing devices containing personal data being lost or stolen
Alteration of personal data without permission
Loss of availability of personal data
What steps can you take to avoid such breaches?
You can take the following steps to avoid breaches:
Read and comply with your organisation's policies on:
Data protection
Information/records
Security management
Complete relevant training and put into practice your learning
Apply core data protection, security, records management and confidentiality principles in your day-to-day processing of data
Use relevant best practice guidance
Data Security
Data security can be broken down into three areas:
1. Confidentiality
2. Integrity
3. Availability
Confidentiality
Confidentiality is about privacy and ensuring that information is only accessible to those who have a proven need to see it.
It would be unacceptable for a perfect stranger to be able to access sensitive information from a laptop simply by lifting the lid and switching it on. That is why a laptop should only be accessed by authorised users via facial recognition or password protection, and the data on it should be encrypted when it is switched off.
Integrity
Integrity is about information being accurate and up-to-date. Systems must be designed so that the input and management of information is not prone to human error and that the flow of information does not result in loss or alteration.
Availability
Availability is about information being there when it is needed to support care. System design must include appropriate access controls and checks, so that the information in the system is consistent and accurate, can be trusted as correct and can be relied on when providing healthcare or social care.
Example in action
Anabel has an accident while decorating her flat and falls badly, hurting her leg. She calls an ambulance. The paramedics ask Anabel for her name and address and ask her about her injury. They can see that she is in pain and ask if she is allergic to any medications. She isn’t sure.
The paramedics use their tablet device to look up Anabel’s Summary Care Record (SCR) as their role allows them to access details of her medical history. An SCR is an electronic record of citizen information that is sourced from the GP record. As a minimum, it contains details of current medications, allergies and adverse reactions and the citizen’s personal information.
By accessing Anabel’s record, the paramedics can see that Anabel is actually allergic to morphine, so they administer an alternative pain relief while she is driven to hospital, where she is treated for her injuries.