Breach Notification

The term ‘data breach’ can sound quite dramatic, but the reality is that breaches often occur by mistake rather than as a result of malice.

A data breach occurs whenever the security of personal data is compromised. This could be as simple as sending an email to the wrong person, leaving a folder containing paper financial records on the bus, or wiping a computer drive which contained important records.

It does not matter if the breach occurs by accident or as a result of deliberate actions.

Some churches may need to pay a notification fee to the regulatory authority: in the UK’s case, the ICO. The ICO is also who you need to inform if you experience a significant data breach. You must do so within 72 hours, and you must keep a record of the breach as well.

You do not necessarily need to let the individuals know. However, you must do so if there is a high risk of an adverse effect on their rights and freedoms.

In our example of the misdirected email, you may not need to inform anyone. You could use an email tool to recall the email before it is opened, or contact the recipient and ensure that they delete the email before reading it. Or perhaps the email is a simple rota reminder and does not contain any sensitive data.

However, if the email was sent to, for example, a parent whose access to their children had been revoked by the courts, and contained information about the children’s whereabouts or wellbeing, then you could find yourself in a much more serious situation.

In our example of leaving a folder on the bus, you would likely need to inform the individuals and alert the ICO. Financial information can be used for identity theft, and for this reason we recommend that hard copy records are very carefully managed within the church.

Wiping a computer drive may seem like an inconvenience rather than a breach, but the ICO defines loss of data, not just unauthorised access or alteration, as a breach. 

It is really important for churches to regularly review their security procedures and policies to make sure the risk of a data breach is as low as possible. iKnow Church can help, as it has detailed access level controls ensuring only the right people have access to your church information. All emails sent from iKnow Church are sent individually to each person, ensuring that email addresses aren't revealed to other people in the church.

You can read more about data breaches and when/how to report them on the ICO website.

How iKnow Church can help

When using the Communication Suite to send out emails, iKnow Church will always send individual emails to people, preventing the risk of everyone's email addresses being accidentally revealed to each other.

As the UK's Leading Christian Software Company, we regularly test our iKnow Church software to ensure that data held within it is safe. There are also advanced access levels so that only the right people in the church have access to personal data.


 



