
How's your data protection policy doing?


Forum Editor


If your business is in the habit of collecting and processing personal data from customers, or potential customers, it's worth thinking about your responsibilities as a data processor.

Broadly speaking, the purpose of the Data Protection Act 1998 is to ensure that individuals and companies who/which process information about living, identified or identifiable individuals do so in a manner that properly safeguards that information from unlawful disclosure to third parties. The kind of personal information that is protected under the act is names and addresses, bank details, and opinions expressed about an individual - perhaps by a senior manager about an individual worker in an internal company assessment document.


There are eight guiding principles as far as Data protection is concerned, and they are that data is/are:

1. processed fairly and lawfully

2. processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose

3. adequate, relevant and not excessive


4. accurate and, where necessary, kept up to date

5. kept for no longer than is necessary for the purpose for which it is being used

6. processed in line with the rights of individuals

7. kept secure with appropriate technical and organisational measures taken to protect the information

8. not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred


Lots more about how to comply with the law here:

click here

wee eddie

You appear to be OK.

but

The moment you send one of your Clients a letter, other than an Invoice or Statement, promoting one of your other products.

You advance to the previous Definition.

As they say, "Box carefully". Think about what you send out. The Commissioner's deft hand frequently falls on the almost innocent as they are easier to catch than the malefactors. I may, of course, be maligning the Agency and the tales I have heard may be apocryphal.

LastChip

I agree with your sentiments. Unfortunately, common sense seems to be sadly lacking, both in the private and public sectors. But here is not really the right forum to discuss it. More perhaps for Speakers Corner.

Chris the Ancient

Thanks for that guide, v-e-r-y useful.

Looks as though I'm OK

I'm covered by the third sub-bullet

* Data controllers who only process personal information for:
  o staff administration (including payroll);
  o advertising, marketing and public relations (in connection with their own business activity); and
  o accounts and records. ***This is me!***

* Some not-for-profit organisations. ***Quite a lot of the time, I feel this is me. It's not intended that way, however! ***

CtA

Forum Editor

It might be worth checking the Information Commission's online notification assessor - that will tell you whether or not you need to register:

click here

Forum Editor

The Data Protection Act already requires data controllers to safeguard private data. What we need isn't another law, as you seem to be suggesting, but the injection of some common sense into those whose work involves holding/moving data from one place to another.

Trying to enforce a law that said company laptops must have data-encryption technology but personal ones need not have it would be a nightmare - think about it for a second and you'll realise that.

So far I haven't heard of anyone who has suffered any kind of loss as a result of the mishandling of their personal details in the recent high-profile cases, but of course that's not a reason for ignoring the lesson - I imagine that civil service and military laptops are all in the process of having data-encryption upgrades.

Chris the Ancient

FE

Basically, my database is a record of customer names and addresses, record of training and their account status - and that's all. The accounts part of it forms an 'essential' part of my tax return accounting.

LastChip

The laptop is not left in the car if I'm not in the car. It stays with me. After all, it has my 'life' on it and I wouldn't want to lose that! And if I'm home and the laptop comes in with me, it stays near my desktop which makes them both covered by a security system.

However, thinking further, I shall use Access's methodology to protect the database as a 2nd-tier security.

CtA

LastChip

If they hold data that comes under the control of the Data Protection Act, then, having been the victim of a major financial institution's stolen laptop, it seems to me perfectly reasonable to protect that data by all available means.

As you seem to be fond of, you have only used part of my sentence, which in its entirety, referred to data loss, although, on re-reading my post, I have to admit it could be misinterpreted.

I really do not understand the reluctance of institutions to use encryption on mobile equipment. If they won't use best practice and do it voluntarily, then place legislation on the statute book that forces the issue.

If there is some valid reason for not doing it, I'll be happy for you to explain it to me, because I simply do not understand why I and millions of others, should be put at risk.

If you are suggesting laptops used for personal use that hold no such data, then of course not. That's a matter for the individual.

Forum Editor

"legislation demanding encryption on laptops, is long overdue."

Eh?

You're not seriously suggesting that there should be a law requiring all laptops to have data-encryption technology, are you? I'm sure you must be joking, but I thought I should check.

LastChip

Do be aware, that IF your laptop were ever stolen, that data could be accessed within a maximum of 10 minutes. I could certainly guarantee doing it in that time if all the protection you have is a Windows password and the laptop was undamaged.

The only reasonably safe way to protect it, is as crosstrainer has already suggested; encryption.

To my mind, there have now been too many data losses via laptops, and legislation demanding encryption on laptops is long overdue.

Forum Editor

Do you process the data in any way?

If you are a small business, and you process data only for:

1. staff administration (including payroll)

2. advertising, marketing and public relations

3. accounts

You're OK, but otherwise, if you retain people's private data, and process it for any purpose within your business you must, by law, register as a data controller with the Information Commissioner. Basically, if you collect and hold personal data on a computer you are processing it, and must notify the Commissioner.
