
How's your data protection policy doing?


Forum Editor


If your business is in the habit of collecting and processing personal data from customers, or potential customers, it's worth thinking about your responsibilities as a data processor.

Broadly speaking, the purpose of the Data Protection Act 1998 is to ensure that individuals and companies who/which process information about living, identified or identifiable individuals do so in a manner that properly safeguards that information from unlawful disclosure to third parties. The kind of personal information that is protected under the act is names and addresses, bank details, and opinions expressed about an individual - perhaps by a senior manager about an individual worker in an internal company assessment document.


There are eight guiding principles as far as Data protection is concerned, and they are that data is/are:

1. processed fairly and lawfully

2. processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose

3. adequate, relevant and not excessive


4. accurate and, where necessary, kept up to date

5. kept for no longer than is necessary for the purpose for which it is being used

6. processed in line with the rights of individuals

7. kept secure with appropriate technical and organisational measures taken to protect the information

8. not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred


Lots more about how to comply with the law here:

click here

Chris the Ancient

I do have a database of my customers which I carry on a laptop when I'm working. That laptop never leaves my sight.

If the laptop is opened by anyone other than myself, they have to know the Windows logon password.

Basic details, only, are kept; which includes various personal details - which *could* be of potential use to somebody else (fortunately, no bank or similar details). However, any given customer would only ever see their own personal details.

The database is downloaded to my home pc each evening (as a refresher and back up) and that pc is similarly logon protected. My 'office' is monitored in my absence by a webcam and associated security software recording.

All people actively on the database are aware of what their record contains and the associated protection that is applied to their data.

I just hope to goodness that all that would satisfy the powers that be!

CtA

crosstrainer

Of TrueCrypt has just been released. If you are at all concerned about sensitive data, it's a good place to start. It is (apparently) US military approved.

I too keep data on my laptop (encrypted) but it is never left unattended...EVER!

click here

Forum Editor

Do you process the data in any way?

If you are a small business, and you process data only for:

1. staff administration (including payroll)

2. advertising, marketing and public relations

3. accounts

You're OK, but otherwise, if you retain people's private data, and process it for any purpose within your business you must, by law, register as a data controller with the Information Commissioner. Basically, if you collect and hold personal data on a computer you are processing it, and must notify the Commissioner.

LastChip

Do be aware, that IF your laptop were ever stolen, that data could be accessed within a maximum of 10 minutes. I could certainly guarantee doing it in that time if all the protection you have is a Windows password and the laptop was undamaged.

The only reasonably safe way to protect it, is as crosstrainer has already suggested; encryption.

To my mind, there have now been too many data losses via laptops, and legislation demanding encryption on laptops is long overdue.

Forum Editor

"legislation demanding encryption on laptops, is long overdue."

Eh?

You're not seriously suggesting that there should be a law requiring all laptops to have data-encryption technology, are you? I'm sure you must be joking, but I thought I should check.

LastChip

If they hold data that comes under the control of the Data Protection Act, then, having been the victim of a major financial institution's stolen laptop, it seems to me perfectly reasonable to protect that data by all available means.

As you seem to be fond of, you have only used part of my sentence, which in its entirety, referred to data loss, although, on re-reading my post, I have to admit it could be misinterpreted.

I really do not understand the reluctance of institutions to use encryption on mobile equipment. If they won't use best practice and do it voluntarily, then place legislation on the statute book that forces the issue.

If there is some valid reason for not doing it, I'll be happy for you to explain it to me, because I simply do not understand why I and millions of others, should be put at risk.

If you are suggesting laptops used for personal use that hold no such data, then of course not. That's a matter for the individual.

Chris the Ancient

FE

Basically, my database is a record of customer names and addresses, record of training and their account status - and that's all. The accounts part of it forms an 'essential' part of my tax return accounting.

LastChip

The laptop is not left in the car if I'm not in the car. It stays with me. After all, it has my 'life' on it and I wouldn't want to lose that! And if I'm home and the laptop comes in with me, it stays near my desktop which makes them both covered by a security system.

However, thinking further, I shall use Access's methodology to protect the database as a 2nd-tier security.

CtA

Forum Editor

The Data Protection Act already requires data controllers to safeguard private data. What we need isn't another law, as you seem to be suggesting, but the injection of some common sense into those whose work involves holding/moving data from one place to another.

Trying to enforce a law that said company laptops must have data-encryption technology but personal ones need not have it would be a nightmare - think about it for a second and you'll realise that.

So far I haven't heard of anyone who has suffered any kind of loss as a result of the mishandling of their personal details in the recent high-profile cases, but of course that's not a reason for ignoring the lesson - I imagine that civil service and military laptops are all in the process of having data-encryption upgrades.

Forum Editor

It might be worth checking the Information Commission's online notification assessor - that will tell you whether or not you need to register:

click here

Chris the Ancient

Thanks for that guide, v-e-r-y useful.

Looks as though I'm OK

I'm covered by the third sub-bullet

* Data controllers who only process personal information for:
    o staff administration (including payroll);
    o advertising, marketing and public relations (in connection with their own business activity); and
    o accounts and records. ***This is me!***

* Some not-for-profit organisations. ***Quite a lot of the time, I feel this is me. It's not intended that way, however! ***

CtA
