New season, big questions by Natasha Rawley, Archive Document Data Storage
This article was also featured as a column in the April 2016 issue of LPM.
At ADDS the daffodils are up outside our record centres, and change is in the air. Taking advantage of this new-season energy, the ADDS team and I travelled to Somerset House for the #BigBangData exhibition, and what an amazing experience it was. Two key messages of the exhibition were focused upon data privacy and data management. These are two subjects we know greatly impact our clients in the legal sector.
After the exhibition we gathered in the café for a caffeine-fuelled brainstorming session and proposed some questions focused around these two subjects to get our clients thinking about their data privacy and management processes. I've since been visiting practice managers to run through these questions, which has given them pause to take a step back, review their processes and expand their knowledge of how the different processes work.
It may be down to an individual department or external supplier to manage data privacy and data management for your firm, but it is your responsibility to know the facts and how everything works. Here are our big questions:
1. Do you have a data protection policy in place?
2. Are all members of your practice aware of it?
3. Who is in charge of updating and enforcing this policy?
4. Is your client data valuable – would another organisation or individual pay for it?
5. Can your fee earners download and remove sensitive or client data?
6. Are fee earners removing physical files from the office to work on at home? If so, have the fee earners had data protection training?
7. Do you have records of that training?
8. Are you up to date with the recent data protection changes in 2016?
9. Has your data protection policy been upgraded since the data protection changes came into effect?
10. Do you have data protection workshops or ‘lunch and learns’ regularly?
11. Is there a privacy notice on your website and letter of engagement stating how you process/use your clients’ data?
12. Do you need to register with the ICO? If so, have you?
13. What measures does your practice take to protect employee data?
14. Who has access to your team’s personal data/HR records?
15. Does your HR person/team have a strict retention policy in accordance with CIPD legislation?
1. Is your practice’s data backed up daily?
2. How is the data backed up?
3. Who is in charge of this process?
4. Is the backup checked for success rates after every backup?
5. How would you locate a data set for a set time/date?
6. When is the last time your practice tested a full data restore from the backup?
7. How long did that take?
8. Do you have a mapped process for your data backup process?
9. Where is the process held?
10. Who is in charge of retention scheduling of the data backup?
11. What is your data backup retention policy?
12. Can you prove this data retention policy is being carried out?
13. How is the data erased/destroyed once it reaches the end of the retention period?
14. Is there a data destruction/erasure log?
If some answers raise some scary questions for you as a practice manager, do not fear! It’s great that you have taken the time to identify these issues, and now it's time to get to work and have a spring clean to make sure everything is in working order.
And remember, if you need my help or want some advice with anything in these articles (or just want a chinwag), drop me an email.