As a housing association leader, how well do you know the chances of your housing association having a data breach? Do you know what could happen and how you should respond if the worst does happen?
In this post, our data protection consultant Clare Paterson draws on her sector experience and expertise to explore the risks of a data breach in social housing, and how you can reduce and manage the risks of your housing association having a data breach.
Many years ago, a housing association executive director emailed me about a news story and asked me the question “this couldn’t happen here, could it?”
A housing association had suffered a large data breach. I’ll tell you how I answered later on.
How do you feel when you read about housing associations having data breaches? Hopeful it couldn’t happen in your organisation? Or fearful that it could?
Maybe you’re not sure what impact you’d suffer if you did have a data breach, especially now the multi-million-pound GDPR fines we were warned about have been few and far between in the UK.
It could feel like the pressure is off.
On the other hand, ransomware attacks are on the rise in all sectors, and if you Google ‘housing association data breach’ the first few results include phrases like:
‘Could you be entitled to up to £5,000 data breach compensation?’ and ‘Your data breach could be worth thousands.’
We know of many organisations, including housing providers, who have received compensation claims following fairly small data breaches and organisations who have suffered significant impacts from ransomware or other data breaches that came out of the blue.
So even without the threat of GDPR fines, a data breach could still cost your organisation many thousands of pounds to respond to it. Not just paying out on ransoms or compensation or other mitigations, but also all the time spent dealing with the incident, and the effects on your customer relationships and colleague morale.
All of this before you even consider the potential, and very real, harm that could be caused to the people whose data you hold; identity theft, fraud, scams, harassment, and of course the worry and stress that goes along with those problems.
Unfortunately, there’s no easy fix that can guarantee you won’t have a data breach. But there are steps you can take to reduce the likelihood of it happening and reduce the impact if it does happen.
With the right processes, implemented holistically across the organisation, you can reduce your risks, report on assurances, and be prepared when you are faced with a breach.
We find that data protection/security is often treated as being outside of the ‘day job’, which leads to increased risks when actually, 90% (a guesstimate) of the day-to-day work carried out by housing providers involves handling information about customers or colleagues. Meaning your employees and contractors should be thinking ‘data protection’ while doing their day job.
We’ve developed a six-step model, especially for the social housing sector, that helps to embed good data protection and security into every relevant team and role, in the most painless way possible.
- Purpose identification
- Roles and responsibilities
- Engagement and communication
- Proactive and reactive risk management
- Data handling guidance
- Reporting and continuous improvement
We call this the Purpose and Data Alignment model, and our new Purpose and Data Alignment training programme is delivered over six weeks and provides you with all the ready-to-use tools, templates and training you need to build the model into your organisation, so you don’t need to reinvent the wheel.
This training programme does require a time investment which we understand is not a simple ask, so if you’re not ready to implement the Purpose and Data Alignment model just yet, we can help you prepare for a data breach to give you some peace of mind.
In the data breach planning session, we provide tools and templates you can put in place so you’re not caught unprepared. But most importantly the session provides a safe space for key senior colleagues to discuss scenarios and understand both the legal and ethical drivers that could influence your response to a data breach.
Send me an email at clare.paterson@anthonycollins.com for more details, or to arrange a chat about either training offer.
And the answer I gave that director all those years ago?
“Yes, it could definitely happen here! We can never say never.”
Latest news
Staying friends through a split
More couples are choosing to divorce as amicably as possible, demanding an increase for specialist mediation services and less contentious options, such as ‘collaborative law’. But is it really possible to split and stay friends?
Wednesday 19 February 2025
Read moreAnthony Collins reappointed following Cottsway Housing Association tender for housing services
Social purpose law firm, Anthony Collins, has been reappointed as the sole legal provider of housing services for Cottsway Housing Association (Cottsway) tender, continuing a partnership focused on improving communities.
Tuesday 18 February 2025
Read moreLatest webinars and podcasts
Podcast: Leasehold reform: Commonhold
Emma Lloyd and Raj Flora-Seehra explore the Government’s renewed focus on commonhold tenure
Monday 17 February 2025
Read morePodcast: Who gets the microwave? Episode 2 – Non-court dispute resolution
Listen to the second in a series of podcasts from our matrimonial team where Tom Gregory, Chris Lloyd-Smith and Maria Ramon put down their litigation weapons and discuss the importance of […]
Friday 22 November 2024
Read more