NHS Digital recently updated the Data Security and Protection Toolkit (DSPT) for 2019-20 to incorporate the following:

– Cyber Essentials and the Minimum Cyber Security Standard (MCSS) requirements

– Key elements of the Network and Information Systems (NIS) Regulations 2018 Cyber Assessment Framework (CAF), as advised by the National Cyber Security Centre.

The proposed updates to the DSPT 2019-20 standard have increased the number of mandatory evidence items for NHS trusts from 100 to 116. The new toolkit will be live from 3rd June 2019.

Lessons learnt from recent enforcement:

In April 2019, a former GP practice manager was handed an enforcement fine of £514 for sending personal data to her own email account without authorisation. Because of the timing of the incident, she was prosecuted under section 55 of the DPA 1998 rather than under the new DPA 2018; if prosecuted under the current Act, the penalties would be much higher.

1. Never send personal data to your personal account.

2. Never redirect or forward emails to external email accounts.

3. Always double-check that you have the correct email address before hitting the send button. Auto-complete can pick up the wrong address, so double or even triple check before sending.

4. Never place personal or confidential data in an attachment or in the body of an email without encrypting both the mail and the attachment. Always communicate the encryption pass-phrase through a channel other than email.

5. Mark a confidential email with the word “CONFIDENTIAL”, so that the recipient can open it in a secure environment.

6. When in doubt, contact your Data Protection Officer.

Data Security Incidents reported in Q2 2018/19:

There were a total of 4,056 data security incident reports in this period. In the health sector alone, the figures were as shown below:

Let us make every effort to not feature in the above report.

DPO Satisfaction Survey

FedNet recently undertook a survey with Practice Managers on the value of the Data Protection Officer service provided free of charge to practices. We are extremely pleased to say that the overwhelming response was that the quality of the service provided by Radha, our DPO, was rated highly by all respondents. The majority of practices also expressed a wish for the service to be continued.

Some comments from practices included:

“Radha is helpful and always on hand for any queries. She is an invaluable asset to all Waltham Forest Practices, and we are very happy to have her onboard. Thank you to both Radha and Fednet for all their hard work.”

“Radha has been amazing. Nothing has been too much trouble for her. I know I would have struggled with the toolkit submission without her help. There is still a long way to go as we start the training and ensuring compliance in the coming year and I am extremely grateful for her ongoing support.”

If you would like to learn more about Data Privacy, or require DPO services, email info@Bivika.com.

2 Responses

  1. This is the perfect blog for everyone who hopes to understand this topic. You understand so much it's almost hard to argue with you (not that I actually would want to… HaHa). You definitely put a new spin on a topic which has been written about for years. Excellent stuff, just excellent!

    • Thank you for your comment. We are glad to hear that you liked it. We will be publishing new blogs every Wednesday at 6pm, so check in for more!
