Quotemonster Information Security Bulletin – Training in Privacy Principles

Tackling the leading cause of privacy breaches is simple…but not easy. In a recent team meeting, we had an interactive discussion about the potential breaches that could occur over email. We chose to highlight this topic because, for most people in our industry, email is the preferred form of communication and, unsurprisingly, can be the leading cause of privacy breaches due to human error.

Email communications are a feature of our daily operations, facilitating the exchange of ideas, proposals, and responses to service queries. A significant vulnerability stems from misaddressed emails. This seemingly small error can lead to big risks, compromising personal and client data integrity. Although we rarely handle sensitive client data (most comparisons can be done on our system with quite limited information, much of which is public), we do sometimes handle sensitive adviser data.

A misaddressed email might seem like a simple typo or a momentary lapse, but its consequences can be far-reaching, causing the sharing of sensitive information, which might constitute a notifiable breach, and associated reputational damage.

To address this issue, we focused on training, sending delayed emails, good practices (such as composing with no recipients, only adding those later after checking) and double-checking recipients when we have attached documents. We also regularly use more structured forms of data sharing – such as sharing a file through file sharing systems which have enhanced security structures. In some instances, the message recall button can be used to delete or replace a message, but this only works if the message hasn’t been read.

We are pleased to advise that in our thirteen years of business, we have never had any breaches. However, as our organisation (and the number of hackers) grows, we are committed to training staff about the reporting procedure if one did occur.

Want to know more?

We are here to help! You can email us to ask for copies of past security bulletins. You can also review our outsource provider statement at the bottom right-hand corner of every page on the site at www.quotemonster.co.nz. More information about relevant certifications, policies, and procedures will be shared in future information security bulletins. We recommend you keep these with other compliance documents.

Please contact us on 09 480 6071 or at info@quotemonster.co.nz if you have any concerns or questions.

ISB 08-202407

 