In the first newsletter of this year we look at a recent legislation update regarding GDPR guidance on passwords and encryption from the ICO, and explain that employers may need to go further than strict compliance with the statutory right to a companion to ensure fairness in formal proceedings.
We hope you find this newsletter informative and helpful. If you would like more information on any aspect, please contact us. Don’t forget to take a look at our website to see the full range of our services.
From basic Contracts of Employment to a fully Outsourced HR service we can help. If you would like to know more about any of our support, consultancy, and training services, and see how we can help you, please visit our website or contact us at firstname.lastname@example.org to arrange a Free no-obligation consultation.
To get the latest case law updates follow us on Twitter (@connectiveMAC)
GDPR: new ICO guidance on passwords and encryption
The Information Commissioner’s Office (ICO) has published new guidance on passwords in online services and encryption under the General Data Protection Regulation (GDPR).
The guidance refers to encryption and passwords in the context of taking appropriate technical and organisational security measures (as required by Article 5(1)(f) and Article 32 of the GDPR).
What are the main points mentioned in the guidance?
• Organisations should have an encryption policy and train staff in the use of encryption;
• Encryption should be used for storing and transmitting data; solutions should meet current standards and be kept under review;
• Organisations should nevertheless be aware of the residual risks that remain even with encryption in place and take steps to address these;
• Organisations must not forget about their password system once it is established; they should carry out periodic reviews;
• There may be better alternatives than using passwords; and
• When designing systems and services, organisations must have regard to a data protection by design approach and this includes for password systems.
It also includes information on:
• How to store passwords;
• How to enter passwords;
• General requirements for passwords (i.e. length and use of special characters);
• Changing passwords;
• The role of the National Cyber Security Centre and
The ICO confirms in the guidance that where unencrypted data is lost or destroyed, it is possible that it will pursue regulatory action.
Operational Managers are key to a Company’s success, and how they work with and manage their teams is an essential part of this. We provide the following training courses to help Managers deal with issues and people correctly to enhance your business.
• Managing Discipline & Grievance
• Managers Guide to Handling Stress
• Influencing Styles and Persuasive Negotiating
• Managing Conflict
• Managing Performance
• Managing Attendance
• Managing Recruitment and Selection
All of our courses can be tailored to suit your exact needs and delivered at your premises if required.
Our 1 day Managing Conflict course is designed to:
• Realise the actual risks from physical or verbal abuse by employees and customers, whether face-to-face, or by telephone;
• Raise managers’ awareness in order to recognise warning signs of danger;
• Help managers manage conflict and aggressive incidents, and apply skills in order to prevent incidents from happening in the first place;
• Give managers the tools to make informed choices to keep themselves and others safe whilst going about their work.
The course supports managers to develop the skills they need to manage conflict when in direct contact with employees and/or customers, or indirectly when managing teams. It also enables managers to enhance their communication techniques to prevent, defuse and deal with irate and aggressive people they meet and manage in the course of their work.
More details on each of the training courses can be found on our website.
We have established key partnerships to enable us to provide a rounded ‘people’ solution to our clients, including:
• Occupational Health services;
• HR Software;
• Health Insurance and Staff Healthcare Benefits.
We also have a number of other Associate Partners whose services we have used ourselves and also recommend, covering:
• Legal Services;
• Financial Services;
• IT services;
• Insurance Services.
and more. Visit our website to see full information on our partners and services.
Helpful Hints & Tips – Employers may need to go further than strict compliance with the statutory right to a companion to ensure fairness
Employees have a statutory right to be accompanied to a formal (e.g. disciplinary or grievance) hearing by their chosen companion and, if that companion is unavailable on the date set, to have the hearing postponed by 5 working days. A failure to comply with this right is likely to render a dismissal procedurally unfair in most cases, but the corollary is not true.
In Talon Engineering Ltd v Smith, a dismissal was found to be procedurally unfair where the employer refused to postpone the hearing by 10 days to allow the chosen companion to attend. The tribunal had not erred in concluding that the employer had acted unreasonably in refusing the request for a short postponement based on genuine unavailability, particularly given the employee’s 21 years’ unblemished service.
Employers should always consider the specific details of each case and ensure they are seen to be acting fairly.