Organisations in Jersey need to prioritise staff training and have relevant and effective data protection policies and procedures to ensure a greater level of compliance.
That’s the message from the Jersey Office of the Information Commissioner (JOIC) as they publish the findings of a second virtual audit on a health service sector, as part of their ongoing audit programme.
Organisations should have in place robust controls, policies, procedures and technology and provide appropriate training to ensure the safety of individuals’ data and mitigate potential risks. The JOIC publish lessons learned so industry can learn from the audit outcomes.
The Commissioner is drawing data controllers’ attention to the common threads in the outcomes and lessons learned of audits, complaints and self-reported data breaches, which include:
- Lack of relevant data protection training and refreshers.
- Lack of effective, proportionate, implemented and communicated data protection policies and procedures.
- The need for improved data security, integrity and confidentiality.
Jersey Information Commissioner Paul Vane said: “Elements of this most recent audit mirror the findings from a separate audit on a health service sector that we published earlier this year.
“We publish key findings to allow those processing personal information in Jersey, no matter how small or large their organisation, to benefit from the lessons learned. We hope lessons from our audits as well as other enforcement actions send a very strong message to those operating in Jersey that are entrusted with Islanders’ personal information.”