Flexible staffing puts firms at risk of data breaches

Temporary staff must receive adequate data protection training, ICO warns  

28 November 2013

By Manju Manglani, Editor (@ManjuManglani)

Firms that employ temporary staff must ensure that they are sufficiently trained in data protection, the UK Information Commissioner’s Office (ICO) has warned.

The data protection watchdog’s comments come after four breaches were found to have been made at the Great Ormond Street Hospital Children NHS Foundation Trust, three of which related to work performed by temporary staff.

Commenting on the breaches, the ICO’s enforcement group manager, Sally Anne Poole, said that hiring staff on a temporary basis “doesn’t absolve employers of their legal responsibilities for making sure people’s information is being looked after correctly”.

“If organisations are employing temporary or agency workers into positions that involve the handling and sending out of personal information then they must make sure these staff have received adequate data protection training,” she added.

The data breaches at the trust were caused by letters containing medical information about five patients being sent to the wrong address.

The ICO noted in its undertaking that the temporary staff involved had not received “any relevant” data protection training, despite their roles routinely involving the handling of personal information.

It has warned that anyone who processes personal information must comply with eight principles of the Data Protection Act.

Commenting on how employers can ensure temporary staff are adequately trained, Nick Graham, the legacy global co-chair of Dentons’ privacy and security group, said: “Employers could consider developing a ‘one pager’ of data privacy ‘do’s and don’ts’ which can be provided to temporary workers when they start.

“Or perhaps, the temporary worker agency could provide data protection training to workers, so that they are ‘data protection ready’ when they start their placement with an organisation,” he said in his firm’s Privacy and Data Security Blog.

“Since a warning has now been released by the ICO, it seems prudent for employers to make sure their training policies are adequate and the scope of such training is expanded to cover all employees (full time or part time) that handle personal data, so as to avoid being next in line,” he concluded.
