The general rule for liability when it comes to data breaches is: the person in charge is responsible. It is therefore in management’s best interests to ensure that all staff who have access to, handle, capture or process personal information are trained in the management of, and adherence to, the relevant security protocol. This protocol should be determined both by the relevant national legislation and by the company’s internal policy.
Data security training entails inculcating a deeper understanding of: what constitutes personal data and information; the principles of data protection in line with legislation and company policy; risk management techniques; and the consequences of a breach, both from a company perspective and legally. Through this training, staff should be made fully aware of the duties that they should fulfil to remain firmly within legal data protection parameters.
On a practical level, training should include educating staff about how to keep information secure, the importance of maintaining the integrity of the information, and ensuring the security of laptops, tablets and cellphones that contain personal data (especially those that are taken home on a daily or weekly basis).
It is essential that this training is adapted to each continent, country, industry, organisation and department to ensure its relevance. In this manner, uncertainties and ambiguities will be avoided.
Are your employees aware of their data protection duties?
To protect your organisation’s information security, and to ensure data protection compliance, contact Kaluma for customised software solutions that support the unique requirements of your organisation’s data security.