While “perfect security in the digital era does not exist,” practitioners are “personally responsible for protecting their end of the conversations” with clients. But what exactly does this mean? We’ve detailed the most common security and privacy threats to digital practice, as well as steps you can take to ensure you’re taking the necessary safeguards.
Check to see if you are GDPR compliant.
When it comes to processing personal data, the General Data Protection Regulation and Data Protection Act 2018 lay down the rules, and you are obliged to follow them during lockdown.
Before deciding to shift your practice with children and young people online, it is recommended that you conduct a Data Protection Impact Assessment, which includes the following (non-exhaustive) list of considerations:
Whether the equipment used to remotely support young people will be only for job purposes. If you can use a secure platform to connect young people and provide virtual counseling. How you would explain and document the young person’s informed consent, if it is asked.
It’s fair to be anxious about whether your data protection methods and procedures are up to par in this age of rapid change and unpredictability. The Information Commissioner’s Office has responded by stating that it will not take regulatory action against these organizations:
It is recommended that you read the ICO guidance in its entirety on their website, where you can also get more information about coronavirus and what it entails for data regulation.
There are various precautions you can take to keep your equipment and internet connection as secure as possible while working from home, as well as to prevent others from accessing confidential, sensitive personal data or viewing and intercepting your discussions with young people.
Make sure no one else can access your computer or devices, that they are password protected, and that they are turned off while you are not working. If you share a computer, create a separate user account with a secure password that only you know.
Similarly, ensure that any digital platform you use is exclusively linked to a professional e-mail address and that you do not use an account associated with someone outside your organization.
If you must use your personal computer during the pandemic because your organization cannot afford to acquire laptops for every member of staff, store any personal data of young people on password-encrypted USBs rather than on your personal drives.
Install and routinely update a good firewall, anti-virus/anti-malware, and other necessary security protection. It should be noted that free services are frequently less secure than paid-for services.
After each video call with a young person, clear your cookies.
Online session links should not be saved in an online calendar.
Turn off all devices and programs that have a listening or speech recognition capability, such as Siri, Alexa, OK Google, or similar, including your computer, phone, smart watches, and other gadgets, before your sessions.