Simple practice disciplines such as encryption are vital in the wake of GDPR compliance and cybersecurity issues.
GDPR so far!
GDPR became law on 25 May 2018 for everyone working in the EU including the UK. A summary of useful resources for GDPR provided by ACCA was published in last month's In Practice magazine.
Why is encryption necessary?
ICO has highlighted increased adoption of data pseudonymisation and that data encryption is seen as best practice. GDPR defines pseudonymisation in Article 3, as ‘the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information’.
This means that the ‘additional information’ must be ‘kept separately and subject to technical and organisational measures to ensure non-attribution to an identified or identifiable person’. Pseudonymisation does not remove all identifying information from the data but merely reduces the linking of a dataset with the original identity of an individual – encryption.
Encryption is one of the tools available when considering data security policies. ACCA's guidance on firm's a proforma Data Protection Policy states: ‘Data Security – Transferring Personal Data and Communications: We will ensure that we take the following measures with respect to all communications containing personal data:
• all emails containing personal data are encrypted …’
How can you encrypt?
Practitioners usually have to send three types of documents containing data: MS Word reports, MS Excel spreadsheets and PDF documents for approval via email. Here are some simple and free ways of encrypting these documents through passwords:
Microsoft Word documents
Open your Microsoft Word document.
Click File. It's a tab in the upper left corner of the Word window
Click the Info tab
Click Protect Document
Click Encrypt with Password
Enter a password
Click OK
Re-enter the password, then click OK
Microsoft Excel Spreadsheets
Open the document that you want to help protect
On the Review tab, under Protection, click Passwords
In the Password to modify box, type a password, and then click OK
In the Confirm Password dialog box, type the password again, and then click OK
Click Save
PDF Password protection
PDF documents can be protected with a password by purchasing a PDF protection package which is sometimes a better option than purchasing a full package. Tp apply a password:
Open the PDF and choose Tools > Protect > Encrypt > Encrypt with Password
If you receive a prompt, click Yes to change the security
Select Require a Password to Open the Document, then type the password in the corresponding field
Select an Acrobat version from the Compatibility drop-down menu.
OR
Open your PDF document.
Click File. It's a tab in the upper-left corner of the Word window
Click the Properties tab
Click Protect Document
Click Encrypt with Password
Enter a password
Click OK
Re-enter the password, then click OK.
Summary
Although these methods help to protect the data, do consider how your client will react and their ability to use these documents. Do also consider how reliable and secure email is itself.
Alternatively, a virtual online portal – while appearing expensive at the outset – may deliver good value for money in the longer term by ensuring secure communication, a professional image for the practice and an ultimate time cutback on administrative activities.
Further guidance on encryption for types of data will be available for members and highlighted in the next issue of In Practice.