Information transfer
-
The Data (Use and Access) Act 2025 got Royal Assent on 19 June 2025. All the provisions affecting data protection law and the Privacy and Electronic Regulations Communications are now in force. The Department for Science and Innovation (DSIT) has set out the commencement plans. You can find more details on the Gov.uk website.
Protect personal information when you are transferring it and prevent it being inappropriately disclosed.
Options to consider:
- Implement information transfer policies and procedures for transferring personal information electronically and manually.
- Communicate these policies and procedures to relevant staff.
- Include data transfer security requirements in contracts or transfer agreements with third parties.
- Complete a lessons learned exercise in the event of a personal data breach, update policies and procedures and provide further training, where required.
Protect incoming and outgoing communications using appropriate security measures.
Options to consider:
- Use encryption to protect the content of emails and their attachments, especially if they contain sensitive personal information.
- Use spam filters and various malware detection techniques to protect against receiving malicious emails.
- Automatically quarantine outgoing emails containing sensitive information.
- Provide social engineering training to staff, covering the different types of techniques that can be used.
- Conduct phishing tests on staff and feedback on the results.