(photo: Copyright © The 3M Company (2018).)
06.04.2018, 14:36

There’s More to Data Privacy in 2018 than Digital Security

FM Magazine, White Papers & Briefings, EMEA
Peter Barker, EMEA Market Development Manager for 3M's Display Materials and Systems Division, argues the General Data Protection Regulation (GDPR) will impact private and public sector organisations of all sizes, regardless of the UK's future in the European Union.



While the GDPR is good, in that it imposes far greater respect and control over private information, the task of complying with the new regulations could seem daunting. Fortunately, the Information Commissioner’s Office (ICO) – which is tasked with GDPR’s implementation in the UK – has provided plenty of guidance on its website, including 12 steps that UK organisations should take. These include: making everyone aware of the GDPR; documenting details of data that is held, including the source and who it is shared with; reviewing current privacy notices; checking procedures and amending accordingly; becoming familiar with the ICO’s code of practice on Privacy Impact Assessments; and designating Data Protection Officers.


Facilities managers could arguably be candidates for this role, given that the classic definition of FM combines people, processes and technology. That said, given the volume of data that is in digital format, the IT department will need to be heavily involved, to ensure that data is encrypted as appropriate, that IT security is robust and that the ability to demonstrate GDPR compliance digitally is in place.

The data privacy risk goes mobile

However, GDPR is only going to be 100 per cent robust if every employee has – and uses – tools to ensure data privacy, wherever they are.  Given that many workforces are increasingly mobile, or have employees who work from home, the classic bricks-and-mortar office-based environment – which is possibly easier to control and defend – is no longer the status quo. 38.8 per cent of the global workforce was already mobile in 2016, according to Strategy Analytics.  There is no reason to expect that trend to slow down or reverse.

A recent Deloitte study found that 77 per cent of millennials want great mobile connectivity, but they are also potentially a riskier group, according to findings from research carried out by the Ponemon Institute on behalf of Citrix:  39 per cent of this demographic were prepared to use unauthorised apps in the workplace (and Generation X was not that far behind, at 33 per cent). 

Correspondingly, data privacy strategies must encompass individuals and their devices, both in and out of the office. There needs to be more focus on protecting the ‘virtual offices’ that many of us carry around, including thinking twice before carrying sensitive printed content out of the office and, of course, ensuring that the organisation’s IT strategy is extended to all mobiles, with screen lock-outs, mandated log-ins, anti-hacker software and biometrics. Also, where there is a ‘Bring Your Own Device’ (BYOD) policy, that should be managed too: IT network protection could be undermined if sensitive data is being transmitted by, or even stored on, an unprotected personal smartphone.

Even so, when someone’s screen is active, there is still the risk that sensitive data could be visible to prying eyes.  Various research studies over recent years have demonstrated that the risk of ‘visual hacking’ – the ability to see someone’s screen and then use the data viewed or photographed for malicious or illegal purposes – is very real.  A 2017 Twitter feed by film director Barry Jenkins demonstrated how easy it is to view someone’s screen over the shoulder of a fellow plane passenger: harmless enough, but imagine someone less honest, snapping a shot of customer records displayed on a laptop and then selling on that information?

Screens should be angled so that they are not easily visible, with automatic screen savers and log-ins required after a couple of minutes of inactivity. When staff are working in public places, encourage them to sit with their backs to a wall. Better still, fit privacy filters over the screens of all mobile devices – smartphones, tablets and laptops – so that on-screen information is only visible to the user and not to someone taking a sideways glance or looking over a shoulder.

Back in the office

It is important to extend these policies to offices, particularly with so many of us using our smartphones and other mobile devices within those spaces. Fit privacy filters to desktop monitors and ensure that those screens are not visible to visitors, contractors or indeed, to anyone not authorised to view sensitive information. It is also good to routinely check people’s credentials and to have a culture where an unknown visitor can be politely but firmly challenged if they are unescorted: in a Global Hacking Experiment carried out by the Ponemon Institute on behalf of 3M, a ‘white hat’ hacker (a computer specialist employed to test the security of a network by ‘hacking’ into it) was only challenged in a global average of 32 per cent of attempts, despite an average of 91 per cent of visual hacking attempts being successful.

Many organisations already have policies in place to reduce unnecessary use of paper; apart from environmental considerations, less printing or copying of material reduces the potential risk of someone seeing or picking up sensitive information.  The Global Hacking Experiment found that 56 per cent of sensitive data was obtained from printed documents (as opposed to 44 per cent from on-screen information).*  Make sure documents are removed swiftly from printers and copiers and routinely shred anything that contains sensitive information.  

Protecting data is a multi-faceted task, but there is much that we can do, both as businesses and as individuals – quickly, simply and relatively inexpensively – to better protect our own, our customers’ and our businesses’ valuable information.



3M is a trademark of 3M Company.


