Data protectionJan 17 2018

Intelliflo warns advisers to train staff on data protection

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
Intelliflo warns advisers to train staff on data protection

Advisers are urged to update their staff on data protection policies ahead of incoming rule changes, as regulatory bodies have warned of looming claims in this area.

A General Data Protection Regulation industry working party, set up by adviser software provider Intelliflo, warned training staff about the new rules coming in on 25 May should be a top priority to mitigate the risks of expensive data breach claims.

General Data Protection Regulation (GDPR), is a set of rules that intends to strengthen and unify data protection for all people within the European Union (EU).

Rob Walton, chief operating officer at Intelliflo, who chairs the working party, said adviser firms should ensure employees are made fully aware of their responsibilities in terms of the data they can access and the consequences of any mishandling.

He warned of a looming wave of claims where rules have been breached and advised firms to put in place a permissions system to prevent data from being handled inappropriately.

He said: "Under the new GDPR rules, it is mandatory that any breach is reported to the Information Commissioner’s Office (ICO) and, in most cases, the data subject within 72 hours.

"Firms are at risk not only of fines, but also of highly negative media attention."

He said training staff so they are fully aware of what they can and can't do with regards to data helped reduce the risk of data breaches and would ensure the firm itself was not the focus for any potential enforcement procedures.

The warnings come as the chief executive of the Financial Ombudsman Service (Fos) told MPs at a hearing on Monday (15 January) that data breaches could be the next financial services scandal, following the likes of payment protection insurance.

Caroline Wayman told the Treasury select committee: "There are quite a few areas of our work where you see the convenience versus security as a real inherent tension."

She spoke of a need to protect against things going wrong and how people use their data.

The Intelliflo GDPR working party comprises delegates from 11 networks and advice firm customers, representing about 2,000 UK advice firms.

Mr Walton said 11 of about 96 reprimands made public by the ICO in 2017 were aimed at employees who had accessed personal data and sent sensitive data to personal email accounts without reason. 

"Such instances could have been avoided with proper staff training," he said.

Public bodies such as the Greater Manchester Police have also been fined for allowing sensitive personal information to get lost in the post, he said.

Intelliflo has commissioned three e-learning courses, which are made available to the users of its Intelligent Office (iO) management software.

The courses cover GDPR awareness, phishing awareness and information security awareness.

Mr Walton said: "We have created these courses to help our customers prepare for, and be better equipped to deal with, the GDPR and to improve their overall cyber security. 

"We firmly believe that all technology firms have a responsibility to help their clients in these areas. It is essential that everyone in each firm is aware of how to protect data and that there is widespread awareness and understanding of the risks and procedures that need to be followed."

carmen.reichman@ft.com