Data protection best practice top of the agenda at Charity Digital Insights

It was an evening of high tech knowledge and low budget warnings at Charity Digital Insights, as expert speakers emphasised that basic staff training and physical security are just as important as password encryption and firewalls in the fight for safe data.

The event landed at London’s Marriott Kensington on Thursday and after a summer of charity data breach scandals and Talk Talk’s recent and very public information exodus, the subject matter – data security – could hardly have been more timely.

Greg Inge, managing director of event sponsor CQR, got thing started with an opening gambit in which he busted a few perennial data protection myths and got everyone there in the right frame of mind for an evening of stimulating insight and instruction.

cdi body

Mobile danger

Next to take his place at the plinth was Mark Child, partner at Kingston Smith Consulting and the world’s first ethical hacker. He shared some of his vast experience working with organisations around the world and took delegates through some of the worst things he has seen and the most common misperceptions he’s encountered.

He described the absolute dearth of consideration about mobile devices in charities, saying: “It would take me about 20 seconds to break into your phone.” He also set delegates straight about the relative security of cloud technology, emphasising that it isn’t the panacea it has been reported to be.

“Having a private cloud doesn’t make your data any safer than a public cloud if it isn’t managed properly,” warned Mark.


Alligator antics

Following Mark was Martyn Croft, bringing expertise from his dual role as chief information officer (CIO) of the Salvation Army UK and co-founder of Charities Security Forum.  Martyn made the vital point that it isn’t simply donators’ data that charities need to protect but also that of their beneficiaries, particularly if they are vulnerable people.

Adding a personal touch to proceedings, Martyn started one slide by asking delegates how much an alligator costs. He then revealed that he discovered the price of this particular animal after credit card fraudsters tried to use his card to buy one.

Another important lesson imparted by Martyn was to carefully monitor contributions to your charity because fraudsters will often make very small donations to test if stolen credit card details still work. There was a lot more to absorb in this presentation than just the cost of amphibious livestock.


Physical frailties

Richard Cooper, director of programmes and CIO of the Tech Trust was another speaker with a wealth of charity knowledge, who had some fascinating tales about the very low tech issues that can cause very high profile problems.

Speaking as someone from a small charity Richard was able to empathise with the issues many delegates faced and offered practical and easily actionable advice to everyday problems.

Offering an excellent rule of thumb to anyone who isn’t sure what counts as personal information, he imparted some advice given to him by the first data protection officer he ever worked with: “There’s nothing more personal than someone’s name!”


Word from the top

Rounding off the presentations and providing regulatory insight – specifically Principal 7 of the Data Protection Act – was Richard Marbrow, senior policy officer for the Information Commissioner’s Office (ICO).

Richard laid down the law and got everyone good and scared before offering excellent advice to help charities avoid the frightening consequences of a breach. He pointed out the huge fines involved for serious incursions but echoed the sentiment of other speakers that reputational damage can actually be far more serious in the long term.

Mixing legislative liturgy and light relief throughout, while advocating a clear desk policy, he quipped: “A tidy desk is a sign of a tidy mind, and a mind that is compliant with the seventh principle of the Data Protection Act.”

After a Q&A session with the speakers to tie up any loose ends, it was time to hit the break out area and get down to some serious networking over some delicious food and well-earned drinks.

With January’s event on email marketing next on the agenda, it seems CDI really has got all the bases covered.

Related reading