This spring, a health certificate from a student was sent to the wrong recipient by mistake. With the best intentions, the document was forwarded to someone who was believed to be the correct recipient - and then the same thing happened several times more. Fortunately, the document did not contain sensitive personal data.
“Personal data must be processed securely, and here we see an example of how security can be compromised when someone tries to be helpful without thinking carefully enough about what they’re doing. However, one of the recipients sent a message via Speak Up to notify that they had received personal data in error”, says Johanne Warberg Lavold, IT Security Officer at UiA.
Check the Speak Up page: https://www.uia.no/en/about-uia/speak-up
“This personal data breach gave us an opportunity to review and update our procedures and sharpen awareness of personal data issues in the department in question. The goal of the Speak Up system is to learn from mistakes and improve our judgement - not to look for scapegoats or single out people who’ve made a mistake”, says Warberg.
And learning from your own mistakes and blunders is the main purpose of the Speak Up system, in addition to rectifying errors and correcting mistakes, of course.
UiA is a learning organisation that will use mistakes and errors to learn and improve.
“We’re trying to build a culture where people report their mistakes - and are confident that it is useful for the organisation. We’re striving to get a little better every day, and every breach that is reported gives us an opportunity to learn. The messages on Speak Up are not anonymous - but our focus is not to punish - we just want to learn”, the IT Security Officer says.
The messages are an opportunity to assess whether the mistake is due to systemic errors, a lack of procedures, human errors or other things. We can identify suitable measures based on that assessment.
“We’ve had instances where people set up WordPress blogs that they run themselves and publish images of children who participate in research, for example, that have not been approved for open websites and therefore conflict with data protection legislation. Here we provide information about blog options offered through UiA”, Johanne Warberg Lavold says.
It's easy to misstep when travelling in cyberspace, even if your intentions are the very best. Personal data, images, or pages you thought were restricted to just a few users might turn out to be searchable on Google, for example. Most of us make mistakes from time to time.
Use the Speak Up button when you notice something amiss - whether it is a mistake you have made or that you have seen others make. That gives us the opportunity to get a little better. The Speak Up button is made for that reason, and those who dare speak up should receive much praise.