It is evident, especially after the most recent cyber attack involving the HSE computer systems, the importance of our data and what a valuable commodity it is.

Cyber criminals spend days and weeks hacking into various computer systems to take advantage of any IT weaknesses. The more confidential the data is, the more valuable it is to a cyber criminal. This just proves how cyber security and strategy is vital in any business or farming operation.

The COVID-19 pandemic has enabled vulnerable systems to be attacked, while people have been so busy due to the pandemic and working from home. Firewalls, strong passwords for email logins, security passwords for local broadband, policies and procedures are all of vital importance in any business to prevent a cyber attack and data being stolen.

What is data?

Data can be defined as facts, figures, or information that is stored or used by a computer. It can be personal data such as your name, address, date of birth, marital status, medical records, or PRSI number. In a business or farming sense, the data can be your herd number, livestock numbers, employee details, bank accounts, emails, or payments from the Department of Agriculture or co-ops.

What are my entitlements with regards to my data?

You are entitled to have your personal information protected, used in a fair and legal way, made available to you if you ask, and corrected if you find it is incorrect. It can only be used for the purpose to which you consented, and can only be kept for as long as is necessary for that purpose. Your data must be kept safe and there must be policies and procedures in place to ensure there is no unauthorised access to it.

Where is my data stored and is this important?

Companies store data in the cloud, but where is the cloud? Your mobile phone stores your own data in the cloud, such as all you emails, videos and photos.

Examples of a cloud platform are Google Drive or Microsoft One Drive. These are used by many companies to store data as they are quite simple and versatile to use.

Cloud storage means your data is stored remotely but actually at a physical location called a data center, which is like a big warehouse for data storage that contains many secure servers. Microsoft owns many data centers all around the world. Ireland is considered a good location for data centers due to its climate of cold weather. There are many data centers across Ireland (70 currently) such as in Dublin, Cork, Shannon in Co Clare, Limerick, Carlow, Belfast and Derry.

Any company of a significant size will have multiple data centres in multiple regions. This will allow flexibility in how it backs up its information and protects against natural disasters such as floods and storms. Cloud data is usually stored in an encrypted format, which makes it harder for hackers to obtain.

General Data Protection Regulation (GDRP)

There are many legal regulations around data protection, which means it is essential for companies to know where and how their data is stored securely and how appropriately it is disposed of. The General Data Protection Regulation (GDRP) 2018, an EU data protection regulation, must be adhered to by companies and organisations in handling confidential and sensitive information. This gives everyone more rights over what businesses can do with their personal data and carries significant fines for those who don’t comply with it. Under GDRP, organisations can only keep your data where there is a lawful reason for doing so.

Software updates

Software updates are a means of minimising the risk of data leakage and system vulnerability. These alerts can be annoying but can help to keep your data safe and your mobile phone or laptop up to date.

A good tip

Avoid sending confidential documents via email. Instead send a link to the file storage area you have created online where the documents are stored.

The Data Protection Commission (DPC)

The DPC is responsible for upholding the fundamental rights of individuals in the EU to have their personal data protected. It ensures compliance and can also deal with complaints in relation to data protection breaches.

Ask Money Mentor

Dear Money Mentor,

I have a farm bank loan which is in arrears due to some missed payments. I am continuing to make repayments but it is still in arrears. This was originally a five-year loan but it will be seven years by the time I have it fully repaid. I received a statement from the bank recently which included another customer’s statement in the envelope. (we have the same last name.) Is this a data breach on behalf of the bank? How can I be sure that my statement didn’t go to the wrong person another time?

Regards, Peter.

Dear Peter,

Yes indeed this is a data breach on the part of the bank. You should inform the bank immediately and return the other customer’s statement to the bank. This may have been a computer error but the bank needs to be informed regardless. You cannot be sure if your own statement ever went to the incorrect person, but there is an onus on the bank under GDRP to ensure the correct information goes to the correct customer.

Thanks for the email.

Next week

My rights: my data, data breaches – how can I ensure my data is not being misused?

Read more

Money Mentor: avoid scams and be wary of unauthorised finance providers

Money Mentor: increase in farms being hit by cybercrime