1 INTRODUCTION
The Data Protection Act 1998 was brought into force on 1st March 2000, and replaces the Data Protection Act 1984 (DPA). The Act gives legal rights to individuals in respect of the protection of confidentiality of their personal data. This guide will concentrate on the seventh principle, which gives guidance to organisations on security measures.

2 AIM
The Act aims to balance the rights of the individual and those of the companies that are legitimately holding and using the information.

3 MATERIAL COVERED
The Act covers all business data, including paper and computer records, CDs and disks.

4 RESPONSIBILITY
All companies have a duty to appoint a Data Controller, who is responsible for all your personal data and the manner in which it is viewed, stored, handled or processed.
The Data Controller is responsible for appointing a Data Processor (persons or companies who process data on behalf of the Data Controller). When appointing a person or company as the Data Processor, the Data Controller must seek guarantees regarding their technical and organisational security measures.

5 ARE THERE ANY STANDARDS?
BS 8470 – Secure Destruction of Confidential Material – Code of Practice, was published on 28 April 2006.

6 SECURITY METHODS TO BE CONSIDERED
Security
Staff Training
Information Access
- Is data maintained and stored correctly?
- Have responsibilities for security been clearly defined between the Data Controller and the Data Processor?
- Are documents destroyed securely, for example by shredding, or are they simply discarded?

7 PENALTIES
In the event of non-compliance with the Data Protection Act 1998, an unlimited fine could be incurred, or up to £5000 per incident.