Public Transport and GDPR

by Ruaidhri Horan, Marketing Manager, Abrivia Recruitment

With most businesses in Ireland currently in the throes of preparing policies and processes to ensure they are GDPR compliant, a risky area for many companies which is often overlooked, is the issue of data protection on public transport.

As a daily rail commuter, I am often surprised by loud conversations, invariably on mobile phones dealing with everything from employee performance to haggling over prices with key suppliers and customers. I usually put in my earphones and listen to the radio to avoid hearing too much but I am sure there are others in the same carriage who are totally engrossed in what should be a confidential conversation. Not only is this unprofessional but if the characters being spoken about are clearly identifiable, this contributes to a breach of their data privacy.

Dublin is a small city and you never know who is on the carriage who may have a connection with the company being discussed or even be a friend or a colleague of the person who is the focal point of the conversation.
On other occasions, people work on laptops or smartphones on a packed train. There are usually many people standing behind them and the laptop screen or contents of their smartphone is clearly visible to them. If they are writing sensitive e-mails about individuals or reviewing CV’s for example, within clear view of other commuters, the potential for a data breach is high.

Folders and laptops are often left on trains. Most decent people will leave these items into the Lost and Found office but what would happen if these materials got into the wrong hands and your company was held to ransom or data held on an unencrypted laptop or folder was used for identity theft? The potential for negative PR for your organisation as a result is huge because of this serious data breach.

Even using the open Wi-Fi on the train carries with it a hacking risk.

How can we avoid these scenarios?
Commuting is a great opportunity to catch up with work. However, if you are working on a laptop it may be worth using special screen overs so you can only see the screen if you are directly in front of it. If you are answering a sensitive e-mail on your phone, look around you to ensure nobody is peeping over your shoulder.

If you receive a sensitive work-related phone call whilst commuting tell you caller that you are currently on the train/bus/Luas and will give them a call back as soon as you reach your destination. From a company perspective it would be a good idea to include working on public transport as part of your GDPR policy and processes to help avoid any potentially embarrassing data breaches.