Stop criminals getting their hands on customer data

Stop criminals getting their hands on customer data

With Post Office’s Information Security and Data Protection training going live this Friday 14 June, Head of Information Protection and Assurance, Jules Harris, tell us why it’s important and what it means for customers, branches, and the business.

What are Information Security and Data Protection?

“Information Security is the discipline which aims to protect all information (which includes data and personal data) that makes Post Office function.  

There are three drivers for Information Security:

  • Confidentiality – making sure information is only used by those who are authorised to use it
  • Availability – ensuring information is ready to be used whenever the business requires it
  • Integrity – only authorised changes to information are made, so the business can trust decisions made based upon it.

Data Protection is the discipline of protecting Personal Data relating to a living individual, following the requirements in the Data Protection Act 2018.”

Why is it important to you and everyone at Post Office?
“Clearly it is important to me as it is my job, however, I see my job as a bit of a vocation. Post Office offers products across a wide range of sectors and we are one of the most trusted brands in the UK. Without adequate information security controls working right across our business, from branches, through supply chain and into our admin offices, the nasty people out there could steal data from us.

The effect of this could be tragic to our brand reputation, and erode the trust we have worked so hard to gain in our 370 year history. Without you reading and understanding the annual Information Security and Data Protection training, you personally could put that trust in jeopardy.”

What trends are we seeing?
“We see a lot of errors made, with the very best of intentions. For example, helping our customers receive a great service, but in a way that goes against information security requirements, putting data at risk. There is always a simple and correct way to do things, and not completing the training may open you up to making errors. So, please don’t ignore the correct way to do things; help to maintain the trust our brand deserves.”

Why is it important for branches?
“What our branches do starts all the processes which office-based teams then act upon.  Mistakes made at the start, could multiply through our systems, and, if the data is incorrect at the point of collection, everything else down the line cannot be relied upon.

Information Security is the discipline which aims to protect all information (which includes data and personal data) that makes Post Office function.

Data Protection is the discipline of protecting Personal Data relating to a living individual following the requirements in the Data Protection Act 2018.


Without adequate information security controls working right across our business, from branches, through supply chain and into our admin offices, the nasty people out there could steal data from us.

Conversely, the things people do in office roles may adversely affect branches, who again may make decisions based upon invalid or perhaps out-of-date information. We need everyone to respect the guidelines, so we all work together to help protect Post Office for the future.”

Why does it have to be done every year?
“We change the training every year for several reasons. Firstly, it makes it more interesting. Secondly, we update it with the latest legal developments as well as new insights from incidents we’ve handled over the year, about the latest ways criminals are now trying to get their greedy hands on our data. And, Information Security and Data Protection are both massive subjects, if we were to cover everything, you would be doing nothing but training for days!”

What happens if I don’t do it?
I’m pleased to say that in my experience the majority of people do complete it in the required timeframe, but I’d like to take this opportunity to ask everyone to please do the training and the test. It really does matter.

If you work in branch, and you don’t complete the training by Tuesday 8 July, you will be unable to sell products on Horizon, until you pass the test.

How does doing the training help customers?

Strong Information Security and Data Protection controls will ensure people trust their data with us. Ensuring the data we hold is held confidentially, with integrity and is available when needed, means we maintain trust in our brand. 

Trust in our brand is often why people choose to do business with us, and if we can stop the criminals getting at our data that means that our customers can be confident that Post Office cares about them and looks after them in an appropriate way.”