Keeping your union communications secure and safe

Tracey Hunt · 6 August 2020

There have been a number of data breach incidents lately relating to emails and it seems a good time to remind reps of the do’s and don’ts when sending emails, says Tracey Hunt, Prospect’s data protection compliance officer.

Man about to send an email

Prospect is the data controller for all union personal data, and is therefore liable for any breaches. However, your employer, if you are using their computer/email system, is the processor for that data.

The union should have a data processing agreement with the employer, which can be part of any facilities or recognition agreement, which sets out the rights and responsibilities of the employer and reps in using the computer systems for trade union work.

Remember that trade union data is a special category and therefore a higher level of protection is required.  To identify a member, even to another member, without their consent is a breach of the regulations.

Secure use of email

When using email, whether your employer’s system or a provider such as Hotmail or Gmail, you should ensure it is as secure as possible:

  • Do lock computer screens when away from your desk.
  • Do ensure no one else has access to your emails.
  • Be aware that if you are using your company’s email system, then the system may not be private.
  • Do take care when opening emails and attachments, especially from addresses you do not know as they could contain viruses.
  • If emailing more than one person always use the Bcc field if you do not need to cc the other recipients, especially if it is to a large number of addresses.
  • Always password protect attachments that contain membership data, especially  spreadsheets.
  • Ensure you select the correct address, especially if using auto insert.
  • When forwarding emails be aware that email chains may contain personal data that should not be forwarded.
  • Take care when cutting and pasting data from emails as you may pick up data you didn’t intend too.
  • Email messages should be written in accordance with the standards of any other forms of communication
  • Do make use Prospect’s E-branch emailing system if possible, as this will ensure member’s data is protected.


  • Do not keep personal data in your email system for longer than is necessary.
  • Do not keep multiple copies of spreadsheets containing members’ data.
  • Do delete data in line with Prospect’s retention schedule – personal case material should be deleted after seven years.

Breach Reporting

Remember to report a breach to the Data Protection Compliance Officer by emailing [email protected] as soon as possible once a breach has been identified.


  • Do encrypt documents. If sending an attachment that contains personal data ie spreadsheets, these should always be password protected, and the password should be sent either by a separate email or text.
  • Ensure your passwords are not written down or stored on your laptop or mobile device.
  • If not using encryption software, remember a strong password should contain the following:
  • Lower case characters
  • Upper case characters
  • Numbers
  • “Special” characters (eg @#$%^&*()_+|~-=\`{}[]:”;'<>/)
  • Contain a minimum of eight alphanumeric characters.

Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example:

The phrase might be: “This May Be One Way To Remember” and the password could be: “TmB1w2R!” or “Tmb1W>r~” or some other variation.

NOTE: Do not use either of these examples as passwords!