
Data protection breaches offshore: avoiding snakes and building ladders


Ahead of Oil & Gas UK’s Cyber Security Conference, speaker Ross McKenzie, a partner in the data protection team at international law firm Addleshaw Goddard, shares some insights into what practical measures should be considered for data protection compliance in the oil and gas sector.

The harsh reality of data protection compliance is that every organisation will be affected by an incident affecting its IT systems at some point – unfortunately, we’re all susceptible to being bitten by snakes in and outside of our business, from something as simple as records being sent to the wrong recipient by email, to a much more serious targeted ransomware attack.

In the oil and gas sector, attacks affecting personal information are far lower risk when compared to other industries like the financial services sector or other consumer-facing businesses. Nevertheless, each member of the workforce contributing to the oil and gas industry – whether that’s employees or contractors – has an expectation that any personal information shared or created about them is protected, and quite rightly so.

Not every snake bite will result in personal information being compromised. But when it does, the law – principally through the well-known General Data Protection Regulation (GDPR), applied in the UK via the Data Protection Act 2018 – comes into play.

The GDPR needs to be factored in for operations involving the handling of personal information. Offshore, this will be relevant for any personnel records stored, but most importantly, medical records. Unsurprisingly, compromised health records have led to the highest penalties in the UK to date under the old law. New technologies being introduced into the sector, such as workforce tracking and Internet of Things (IoT)-enabled devices, are creating an abundance of new data about the workforce which requires consideration and protection.

The law generally doesn’t expect absolute prevention of data security breaches. Just like the board game, snakes can be lurking in every corner and prevention can be difficult. The GDPR does expect, however, that reasonable technical and organisational measures are in place. A bit like ladders, they are there to give you a step up on compliance to help avoid challenges, and when something does go wrong, they’re there to help get you back to where you were and can be used to show authorities what measures were in place to mitigate against a breach.

Most organisations will have already spent time on data protection compliance recently given the introduction of the GDPR. But moving forward, reasonable steps should be taken to monitor compliance and keep standards up. Some housekeeping tips include:

  • Ensure training of new staff is undertaken, including refresher training, particularly focussed on reporting of any suspected breaches;
  • Test procedures in dummy incident runs and focus on timelines – a personal data breach which is high risk to individuals (e.g. lost health records) must be reported to the ICO in the UK within 72 hours;
  • Audit contractors you rely on to process data on your behalf – this is probably the most important aspect, particularly for offshore health records. You should check how they would manage reporting a breach;
  • Check the terms of any collaborations you are involved in. Consider if personal information shared is necessary and who has responsibility for data incidents; and
  • Run privacy impact assessments to check what security measures are in place (and should be put in place) before any new collaboration involving personal information.

Ross McKenzie, partner in international law firm, Addleshaw Goddard’s data protection team
