To Print or Not to Print – in this week’s Thursday Thoughts I discuss whether we should really be printing work data at home. Also a discussion on the suitability or not of WhatsApp for business as usual’ communication. There is the usual round of advice and guidance and a short piece on marketing lists and using data brokers (this, and other Social Media and Marketing matters will be the subject of a conversation between Maeri Howard, Alex McCann and Myself in the near future – watch this space it may even feature as a “Video of the Week”).
It’s 2 weeks since the news that we can expect an announcement on the "UK adequacy decision” sometime soon. Nothing has been seen at the time of writing. I also share a link to Fieldfisher’s freely-accessible, online copy of the UK GDPR. By way of advice and guidance there is a link to the NCSC paper “how to recover a hacked account” and a warning about Chrome and Edge browsers. In the news: Tim Cook’s comments on Facebook, a New Privacy Law for Virginia and the UK publishes Draft Electronic Communications (Security Measures) Regulations.
Videos and Blogs of the Week
Alex McCann – The Social Conversation
Simplilearn - Cyber Security In 7 Minutes
Helen Calvert - I love my business – but please don’t talk about making money
Printing at Home
GDPR does not stop you from printing data at home, but there are things every employee working from home should consider. Are they permitted to do so? Some organisations do not permit printing at home and say so in the staff handbook or data protection policy. Others take the decision out of the hands of the employee and disable local printers. Do you really need to print? Is it appropriate or necessary. And finally what security measures are in place for that data? How can you store it securely, how to stop others seeing the data and what to do with it when you have finished with it.
Using WhatsApp in Schools and Businesses
WhatsApp is a great communication tool for individuals and we have seen it used by health professions during the pandemic but only where there was no alternative and it would save lives. There are however great risks in using WhatsApp to share personal data in business, particularly in Trusts and Schools. Not least the privacy issues of sharing personal phone numbers with everyone in the chat, or the very real temptation to cross post from one chat to another. The ICO says it may be used in limited circumstances but in my opinion it is not suitable for ‘business as usual’ communication at all.
Marketing Lists and Data Brokers
There are many companies who exist solely to collect consumer information, Experian, Datalogix, and Statlistic to name a few. These organisations are known as “data brokers" - because they collect and sell or license the “brokered personal information of a consumer with whom the business does not have a direct relationship”. If you are in UK (or the EU) and you want to use a data broker then you MUST let the data subject know you have their data and where you got it from before you start processing it. Using the excuse that it would be too complicated or expensive can lead to fines as companies throughout the EU are finding. A simple email to all recipients will suffice – as long as you give them the option to unsubscribe.
Data Transfers Between UK and Europe
AKA the adequacy debate. For those worrying about data transfers to Europe post 31 December a quick reminder that there is a 6 month "window". This interim period will allow seamless data transfers to UK and extends the time before the adequacy decision has to be made. On 14 Jan 2021 there was an announcement that a "UK adequacy decision" is on its way in the next few weeks. The Commission announced that it will finish it’s assessment and send it to the European Data Protection Board for opinion in the next few weeks. Nothing has been seen at the time of writing but I’d recommend following Katie Hewson on Linked In if you want to read more: https://www.linkedin.com/pulse/brexit-trade-deal-what-does-mean-data-protection-law-katie-hewson/?trackingId=gUwbO1%2BTdDZW%2BYoUvjPuyA%3D%3D
The UK GDPR – vs EU GDPR
Post Brexit GDPR is saved into UK law and becomes the UK GDPR. But what is the difference? Basically the UK regulation is the same as GDPR, it follows the same article numbering and has supporting recitals that explain the text. Where articles are only relevant in the EU they are left intentionally blank in the UK legislation. This week Fieldfisher shared their freely-accessible, online copy of the UK GDPR. It’s a superb piece of work, cross referenced and hyperlinking each article with the corresponding recitals. You can access the text here: https://buff.ly/2NDqrxX
Recovering a Hacked Account
There are so many scams around at the moment I thought I’d share a link in case the worst happens and you discover that your account has been hacked. One of the first indications can be that you are locked out of the account but there are also more subtle signs to be aware of (logins from strange locations/at unusual times, changes security settings or messages sent that you don't recognise. To stop this happening make sure to update your devices and set up 2-factor authentication but if the worst happens contact your provider, change passwords and notify your contacts. You will find helpful guidance from the NCSC here: https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
Google Chrome and Edge Browsers Hijacked
The Hacker News reports that more than a dozen Google Chrome and Microsoft browser extensions have been hijacking search results for millions of users and replacing URLs with malicious sites. The extensions for Chrome and Edge took victims to arbitrary URLs, including phishing sites and ads. The extensions in question include Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader and VK Unblock you can read more here: https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html
In the News
Tim Cook Takes Aim at Facebook and Doesn’t Mention Their Name Once
Apple’s CEO Tim Cook “went on the offensive against Mark Zuckerberg and Facebook.” He cleverly took direct aim at Facebook and yet never mentioned the company by name. In his speech he said “Technology does not need vast troves of personal data stitched together across dozens of websites and apps in order to succeed. Advertising existed and thrived for decades without it”. Here is the article: https://www.inc.com/justin-bariso/tim-cook-may-have-just-ended-facebook.html
Boris the BabyBot: A Little Book About Big Data
Data protection is often a dry topic. So an illustrated storybook which takes a silly look at the world of digital surveillance (through the eyes of a baby-tracking robot) is to be recommended. The book exposes the secret world of Big Data, in fun and engaging way.
A New Privacy Law for Virginia
With effect 1 January 2023 there will be a new privacy law (Consumer Data Protection Act) in Virginia after both privacy bills were passed the Virgina House and Senate. You can read more here: https://lnkd.in/efSUGE6 and https://lnkd.in/ewsip-S
Draft Electronic Communications (Security Measures) Regulations
The UK have published draft regulations setting out security measures to be taken by providers of public electronic communications networks and services. The bill, if passed, would be a significant change to the security obligations imposed on providers of electronic communications networks and services. You will find the draft regulations here: https://www.gov.uk/government/publications/draft-electronic-communications-security-measures-regulations
Videos and Blogs of the Week
Alex McCann – The Social Conversation
In my quest to find engaging content this week I watched the first ever episode of Alex’s “the social conversation”. this week’s guests were little red pizza co, off the wheaten track and McHale and Co. In their chat they talked about Captain Tom, Racism and KitKat Gate as well as WhatsApp and loads more. Real, engaging content and fantastic to get to know the people behind the names. Worth a watch! https://youtu.be/cE3gRD2wrEk
Simplilearn - Cyber Security In 7 Minutes | What Is Cyber Security: How It Works?
If you don't know your man in the middle attack from your phishing attempt then this video is for you. Simply explained in 7 minutes what cyber security is, what an attack looks like and how to implement a cyber security regime. Here’s the link: https://youtu.be/inWWhr5tnEA
Helen Calvert - I love my business – but please don’t talk about making money!
Money mindset is a big issue for the self-employed. As Helen says no one is going to make you do anything you don’t want to do but knowing how to approach the subject is a start. Helen recommends 4 Steps: Calm down, Get Clear, Find your Confidence and Focus. You will find a link to her blog here: https://www.clear-day.co.uk/uncategorised/i-love-my-business-but-please-dont-talk-about-making-money/