Data protection and online conferencing – how to stay safe

This advice comes after the JOIC published the outcome of a formal inquiry into three contraventions of the Data Protection law by the Children’s Services Department. The department is a function of the Children, Young People, Education and Skills Department of the Government of Jersey.

The breaches related to the Department’s use of an online conferencing platform to hold a child protection meeting during which sensitive personal information about an individual was disclosed to other call participants, who should not have been present for that part of the call.

Tips for holding an online conference and complying with data protection requirements…

1. Make sure that clear, understandable and up-to-date organisational policies and guidelines are provided to those using online conferencing platforms.
2. Ensure staff are trained to know what rules to follow and steps to take to minimise data protection risks.
3. Employees should be using your organisation’s contracted service providers only, for work related communications. Ensure you are happy with the privacy and security features of the services you ask them to use.
4. Ensure employees only use work accounts, email addresses and phone numbers for work-related online-conferencing, to avoid the unnecessary collection of their personal contact or social media details.
5. Implement appropriate security controls (such as multi-factor authentication and strong, unique passwords) and limit use and data sharing to what is necessary.

Does your organisation need advice about good personal information handling? You can call the Jersey Office of the Information Commissioner on 01534 716530 or visit their website.