Fictitious Case Study
Mars Logistics is a family-run company based in Movington, England. In business for over 5 years, the company operates regionally with conventional and abnormal load capabilities. It has a fleet of over 30 vehicles. The company specialises in the movement of valuable high-end electronics and automobile parts in secured vehicles.
Following a period of rapid expansion, Mars Logistics now has three regional bases. Two of these locations were previously home to two smaller companies that Mars Logistics acquired in the last 3 years. The whole company has just over 100 employees, with about 20 of these having office roles across the three bases. Staff turnover is high and there is little synergy between the three bases, with each traditionally using its own storage and logistics-mapping software. Each base has its own storage facilities, allowing high-value goods to be stored for either short or long periods of time. Recruitment practices are basic, with no formal vetting of new recruits or training beyond direct instructions concerning the vehicles. Drivers are supplied with company mobile phones; the company policy is that drivers shouldn’t access social media on the company phones and shouldn’t use their own phones for work.
Investment in IT has traditionally been outcompeted by investment in vehicles. Furthermore, there is recognition that the company has a lack of specialist skills in IT, networking and data security, with these responsibilities having fallen to the son of one of the directors as he ‘likes computers’. However, he has no formal qualifications and has admitted to staff that he feels a bit left behind, particularly on cyber security issues, despite having completed a few cyber security-related courses.
The company has recently invested in developing a delivery tracking system, which tracks vehicle movements and holds information on the goods being transported and the details of the driver making the journey. The tracking system links with the broader HR system of Mars Logistics and allows for driver performance to be analysed, via monthly reports to management.
The company, in line with the broader sector, consistently struggles to attract and retain driving staff. To help reverse this, the company has developed a scheme that recognises and rewards drivers for their customer service through the ‘Best Driver Award’. This award is customer-led, with awards being given to the driver who receives the most commendations each month. To provide this commendation, customers need to complete an online feedback form through which they provide their name, address, date of birth, email, and phone number.
Recently, staff across the company have reported an increase in spam mail, and these messages have become more frequent. The senders seem to possess specific knowledge about the company, customers, loads and delivery schedules. However, there have been no ‘ransom’ demands or thefts of pallets, so the staff think this is just bad luck caused by someone in the company clicking on a dodgy link.
However, the company’s CEO is concerned that a data breach may have taken place. The CEO has been advised to employ a Data Governance Consultant to conduct a Data Impact Assessment. The consultant will need to assist the company with the adequate implementation of a data governance policy so as to ensure that the company is compliant with relevant data protection regulations.