There’s been quite a lot in the press recently about potential Data Protection Breaches and the stealing of personal information, notably the cyber-attack on telecommunications giant TalkTalk that took place last month.
The Data Protection Act was introduced to control how your personal information is used by businesses, organisations or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’, ensuring that personal information is:
- kept safe and secure
- used for limited, specifically stated purposes
- used fairly and lawfully
- kept for no longer than is necessary
- used in a way that is adequate, relevant and not excessive
- handled according to people’s data protection rights
- not transferred outside the European Economic Area (EEA) without sufficient protection
Here at FMB we have a clear and defined policy that all employees must follow. I appreciate it can get quite annoying when you have to answer questions when you phone companies to ensure you are who you say you are, but at the end of the day this is only done to protect you. We're fortunate enough to know the majority of our clients personally so we know that we're talking to the right person, but at times these checks need to be made.
If your data gets into the wrong hands, it is surprising how quickly the fraudsters can act. I’ve heard about a case recently (not at FMB fortunately) where a client’s email had been “hacked”, and the hacker had emailed the victim's financial adviser requesting some withdrawals from their investments with the proceeds to go into their 'new' bank account. Fortunately, the adviser was vigilant enough to double-check this with the client before proceeding and of course, when phoning them, the client had no knowledge of any such email. In this case, the withdrawals luckily didn’t occur, but the email looked completely genuine and could so easily have been acted on.
We would always conduct a secondary check when receiving any instructions from a client, especially via email. This may involve sending a written instruction to the client’s home address for signature or, at the very least, telephoning the client to confirm authenticity.
In the technologically advanced world that we live in, it's important to be as meticulous as possible when it comes to protecting your personal data. Here are some steps you can take to safeguard yourself:
- Change your passwords regularly.
- Limit any online banking/shopping to personal PCs only. If you have to use a public PC, ensure you've logged out correctly when finished.
- Shred or burn correspondence that contains any personal data.
- Act with caution when opening any links or attachments within emails. If you have any doubt, contact the company to ensure its authenticity before opening.
- Never provide passwords/logon details via email.
- Password-protect personal documents if sending them as attachments.
- Never give anyone your passwords, and if you must write them down ensure they are in a secure place.
We can never be 100% protected, but if we take some precautions, it will make it harder for the fraudsters to steal our data.