As a housing association leader, how well do you know the chances of your housing association having a data breach? Do you know what could happen and how you should respond if the worst does happen?
In this post, our data protection consultant Clare Paterson draws on her sector experience and expertise to explore the risks of a data breach in social housing, and how you can reduce and manage the risks of your housing association having a data breach.
Many years ago, a housing association executive director emailed me about a news story and asked me the question “this couldn’t happen here, could it?”
A housing association had suffered a large data breach. I’ll tell you how I answered later on.
How do you feel when you read about housing associations having data breaches? Hopeful it couldn’t happen in your organisation? Or fearful that it could?
Maybe you’re not sure what impact you’d suffer if you did have a data breach, especially now the multi-million-pound GDPR fines we were warned about have been few and far between in the UK.
It could feel like the pressure is off.
On the other hand, ransomware attacks are on the rise in all sectors, and if you Google ‘housing association data breach’ the first few results include phrases like:
‘Could you be entitled to up to £5,000 data breach compensation?’ and ‘Your data breach could be worth thousands.’
We know of many organisations, including housing providers, who have received compensation claims following fairly small data breaches, and organisations who have suffered significant impacts from ransomware or other data breaches that came out of the blue.
So even without the threat of GDPR fines, responding to a data breach could still cost your organisation many thousands of pounds: not just paying out on ransoms, compensation or other mitigations, but also all the time spent dealing with the incident, and the effects on your customer relationships and colleague morale.
All of this is before you even consider the potential, and very real, harm that could be caused to the people whose data you hold: identity theft, fraud, scams, harassment, and of course the worry and stress that go along with those problems.
Unfortunately, there’s no easy fix that can guarantee you won’t have a data breach. But there are steps you can take to reduce the likelihood of it happening and reduce the impact if it does happen.
With the right processes, implemented holistically across the organisation, you can reduce your risks, report on assurances, and be prepared when you are faced with a breach.
We find that data protection/security is often treated as being outside of the ‘day job’, which leads to increased risks when, actually, 90% (a guesstimate) of the day-to-day work carried out by housing providers involves handling information about customers or colleagues. This means your employees and contractors should be thinking ‘data protection’ while doing their day job.
We’ve developed a six-step model, especially for the social housing sector, that helps to embed good data protection and security into every relevant team and role, in the most painless way possible.
- Purpose identification
- Roles and responsibilities
- Engagement and communication
- Proactive and reactive risk management
- Data handling guidance
- Reporting and continuous improvement
We call this the Purpose and Data Alignment model, and our new Purpose and Data Alignment training programme is delivered over six weeks and provides you with all the ready-to-use tools, templates and training you need to build the model into your organisation, so you don’t need to reinvent the wheel.
This training programme does require a time investment which we understand is not a simple ask, so if you’re not ready to implement the Purpose and Data Alignment model just yet, we can help you prepare for a data breach to give you some peace of mind.
In the data breach planning session, we provide tools and templates you can put in place so you’re not caught unprepared. But most importantly the session provides a safe space for key senior colleagues to discuss scenarios and understand both the legal and ethical drivers that could influence your response to a data breach.
Send me an email at clare.paterson@anthonycollins.com for more details, or to arrange a chat about either training offer.
And the answer I gave that director all those years ago?
“Yes, it could definitely happen here! We can never say never.”