The Charity Accountant - Charities, Accountants and Data Protection
Charities, Accountants and Data Protection
More and more we are starting to see Hacking being used to steal our confidential information as opposed to the traditional ways. Big companies often find themselves more at risk despite having higher security than a sole trader would. Yahoo is the latest news worthy victim losing millions of people’s login details and account information. (luckily I’m with google)
These disturbing stories can seem distant and unlikely to small charities and accountancy firms but the risks are very much still there. One of the easiest ways you can be hacked is through scam emails. All it takes is one click in a scam email and you can lose everything (or be ransomed with your own information!)
This raises the question of what happens when it comes to data protection and being hacked? Something, I would imagine, most large companies would have a policy on. Most small charities and even most small accountancy firms are unlikely to have a strong policy on issues like this. After all who is going to target such a small organisation?
If there is no policy in place think about these questions and then you may change your mind.
If there is no policy in place is it your fault for not taking the proper precautions?
If there has been no formal training is that again the fault of the organisation?
If you do not have virus protection on your computer are you being negligent?
Are you using an email account with a poor spam filter and if so would that mean you were to blame?
You could argue that it’s the fault of the Hacker and to a certain degree it is. However, if you as an organisation are not taking the correct precautions you are not being responsible with confidential information. Confidential information being lost can be financially damaging and mentally unsettling for employees and volunteers. Your responsibility as a data controller is to make sure you take every precaution with all confidential information.