Thursday Thoughts - 20th August
This week has seen unprecedented “craziness” in the delivery of exam results: the use of algorithms, postcode lotteries, cohort sizes and the use of centre assessed grades have all featured heavily. I have chosen not to dwell on these matters but, in preparation for the new term, which is less than 2 weeks off for some, I share some recent NCSC advice on cyber security in schools for governors and trustees.
When you go back to the basics, GDPR is about protecting consumers. Sending unsolicited messages to “recognisable human beings” (using their name or picture) is a GDPR fail. On Twitter there was a story of a medical worker who contacted a patient via direct message because they were attracted to them (could be any one of harassment, GDPR breach, abuse of position, breach of trust) and on LinkedIn a discussion of whether unsolicited emails can be sent to business accounts (it depends on the account). Cyber Security and Privacy Trends are featured in a podcast by Aaron Walker and Merry Marwig which is worth listening to if you are new to the subject.
Social media features quite heavily this week, including 11 top tips from Alex McCann and suggestions for how businesses can protect what they publish. Alex also gets a spot in Blog of the week because I have acted on his advice, and the Fox Survival tip no. 13 is featured because it’s about “treating people as you would like to be treated and helping if you can”.
My “Blogs of the week”
Alex McCann – The Anatomy Of A Perfect LinkedIn Professional Headline.
Kate Fox - Assist, Help & Advise - Fox Survival for 2020! No.13
Cyber Security In Schools – Advice for Governors and Trustees
Schools have always processed a vast amount of personal data about students, staff and parents and have robust procedures in place to protect that data. However, over the last few months they have been reliant on IT and online services more than ever before. This will mean that there have been some new structures and working regimes or processes put in place. At some stage (very soon I would recommend) they will need to make sure that policies and procedures are updated to cover what is actually happening.
As Governors and Trustees are ultimately responsible for what happens in their school there will be a number of questions they will want to ask the school leadership team. These questions follow 3 themes: information seeking, awareness and preparedness. The NCSC has produced an easy to follow guide which you will find here: https://www.ncsc.gov.uk/information/school-governor-questions.
A GDPR Audit is also a really helpful tool to identify where the school is on its “compliance journey”. If you would like more information on our Audit process please DM me.
Sending Unsolicited Emails to Business Accounts – Is it a GDPR Fail?
The regulation around sending unsolicited emails to a B2B account is something many companies do not understand. Often they will quote PECR and say they don't need consent as it's legitimate interest to send to a business account.
However, it depends very much on what the email address is. If it is a generic email address (e.g. info@) then yes, they can get our address from a bought-in list and send marketing to it without consent (using legitimate interests as their legal basis). BUT, under GDPR, if the email address has your name in it then it must have been obtained lawfully.
If you didn’t give it to them then, before a company sends marketing emails to you, they should let you know that they have your address, what they plan to do with it, and give you the chance to opt out of this marketing.
GDPR gives you a right to be erased/forgotten. This is a double-edged sword because if you ask to be erased completely then you may be “found” at a later time and marketed to again. The alternative is for businesses to run a “do not contact” or “suppression” list which merely keeps your address so that it can be screened against a marketing list.
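The screening step described above, as an added Python example that is not part of the original post. It follows the rules as this post states them; the function names, the set of generic mailbox names and every address are constructed for illustration.

```python
# Added example: role-style mailboxes treated as "generic" (constructed list).
GENERIC_LOCAL_PARTS = {"info", "sales", "admin", "office", "enquiries", "contact"}

def normalise(address):
    """Compare addresses case-insensitively and without stray whitespace."""
    return address.strip().lower()

def is_generic(address):
    """True for addresses such as info@, which do not name a person."""
    return normalise(address).partition("@")[0] in GENERIC_LOCAL_PARTS

def handle_request(address, crm, suppression, mode):
    """Remove the contact; in 'suppress' mode also keep the address for screening."""
    addr = normalise(address)
    crm.discard(addr)
    if mode == "suppress":
        suppression.add(addr)

def screen(marketing_list, suppression, notified):
    """Split a list into (send, hold, blocked).

    blocked: on the suppression list, never contacted.
    send:    generic mailbox, or a named person already told and given an opt-out.
    hold:    named person who must be notified before any marketing is sent.
    """
    send, hold, blocked = [], [], []
    for addr in dict.fromkeys(normalise(a) for a in marketing_list):  # de-duplicate
        if addr in suppression:
            blocked.append(addr)
        elif is_generic(addr) or addr in notified:
            send.append(addr)
        else:
            hold.append(addr)
    return send, hold, blocked

def demo(mode):
    """Constructed scenario: a request is handled, then a bought-in list arrives."""
    crm = {"jane.doe@example.com", "info@example.org"}
    suppression = set()
    handle_request("Jane.Doe@Example.com", crm, suppression, mode)
    bought_in = ["jane.doe@example.com", "INFO@example.org", "sam.lee@example.net"]
    return screen(bought_in, suppression, notified=set())

if __name__ == "__main__":
    print("erase   :", demo("erase"))     # jane reappears in 'hold'
    print("suppress:", demo("suppress"))  # jane is 'blocked'
```

With complete erasure the address comes back through the bought-in list and is treated as a new contact; with a suppression list it is screened out before anything is sent.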
11 Top Tips For Social Media
This morning Altrincham & Sale Chamber of Commerce members were treated to a thought-provoking session on the 11 Top Tips for social media. This was presented by Alex McCann of Altrincham HQ who will be celebrating 11 years in business next month. My take outs are to follow interesting people and keep engaging because “contributors win”. Many of the attendees have already added some of his tips to their to do list. The blog will appear on the Chamber YouTube Channel shortly.
Protecting What You Publish On Social Media
Most organisations and businesses use social media these days and it pays to be wary of unauthorised content appearing on our social media channels. The NCSC recently issued new guidance on how to reduce the likelihood of damaging content being posted. The guidance is particularly useful for those who are setting up social media accounts but others involved in the process will also find it useful. In particular NCSC recommend that businesses:
• Make sure that only authorised staff can publish content
• Use platforms and tools with good security features
• Make sure content can be reviewed and authorised before being published
• Use corporate devices to create and publish content
• Have an emergency recovery plan in place
• Make sure everyone involved in the production of social media is aware of the risks arising from its control, use and administration
• Have a password policy to control access to social media accounts
You can read the NCSC guidance here: https://www.ncsc.gov.uk/guidance/social-media-protect-what-you-publish
NHS Test and Trace App – More information
More information has been released on the security of the Test and Trace App. It is good to see user trust as the foundation, and that:
• the app does not put people’s safety at risk
• the app preserves the privacy of its users
• the designers and operators of the app are open about how it works and its limitations
• it works
I was interested to read about the “check in” facility. If you haven’t had enough of T&T you can find the article here: https://www.ncsc.gov.uk/blog-post/nhs-test-and-trace-app-security-redux
Cyber Security and Privacy Trends
Recognising that some organisations have not yet got to grips with even the basics of cyber security, I thought I’d share a recent podcast on the subject. Sometimes it’s easier to listen to someone discuss the issues rather than read about them. This week’s Cyber Security Matters features Aaron Walker and Merry Marwig talking about why privacy and cyber security are important and how this affects remote workforces. Clearly the focus of this blog is the Californian CCPA rather than the GDPR, but it’s all about protecting consumers and is really simple to understand. You can listen to the podcast here: https://cybermonday.podbean.com/e/ep-050-cyber-security-and-privacy-trends-w-aaron-walker-and-merry-marwig-g2/
Make sure you patch your IBM Db2 relational database
IBM Db2 versions for Linux, UNIX, and Windows (9.7, 10.1, 10.5, 11.1, 11.5) have a flaw which means that shared memory does not have all the necessary access protections. A patch was released on June 30 so if you haven’t already done so make sure you update your software. IT geeks may want to read more here: https://www.bleepingcomputer.com/news/security/memory-leak-in-ibm-db2-gives-access-to-sensitive-data-causes-dos/
VODAFONE ESPAÑA Fined
The Spanish Data Protection Authority has fined VODAFONE ESPAÑA €75000 for using an individual’s telephone number for marketing purposes after they had exercised their right to erasure in 2015. Apparently, because the number was easy to remember, staff used it as a “dummy number” to send SMS messages to. You can read more about the Spanish DPA here: firstname.lastname@example.org
Blogs of the week
Alex McCann – The Anatomy Of A Perfect LinkedIn Professional Headline.
The headline is the bit of your LinkedIn Profile that is the most visible. People see it with your picture when you ask for a connection, comment or even post an update. “Job Title at Company Name” is the most common structure, and many of us use it, but Alex argues that your headline is your 1-line pitch to gain people’s interest and is included in so many places across LinkedIn. His blog is here: https://altrinchamhq.co.uk/the-anatomy-of-a-perfect-linkedin-professional-headline/
Kate Fox - Assist, Help & Advise - Fox Survival for 2020! No.13
I think that the tip in the Fox Graphics Design and Marketing blog is spot on - ‘treat people as you would like to be treated and help if you can, in whatever shape or form that is’. It is so much better for us all when people are there for us rather than the ever-present salesperson constantly pushing and selling all the time. People remember those who interacted on a human level and those who did not. You can read the full blog here: https://foxgraphicsdesign.com/2020/06/11/fox-survival-no-13-assist-help-advise/