How's your data protection policy doing?
Posted February 3, 2008 at 3:14PM
If your business is in the habit of collecting and processing personal data from customers, or potential customers, it's worth thinking about your responsibilities as a data processor.
Broadly speaking, the purpose of the Data Protection Act 1998 is to ensure that individuals and companies who/which process information about living, identified or identifiable individuals do so in a manner that properly safeguards that information from unlawful disclosure to third parties. The kind of personal information that is protected under the act is names and addresses, bank details, and opinions expressed about an individual - perhaps by a senior manager about an individual worker in an internal company assessment document.
There are eight guiding principles as far as data protection is concerned, and they are that data is/are:
1. processed fairly and lawfully
2. processed for one or more specified and lawful purposes, and not further processed in any way that is incompatible with the original purpose
3. adequate, relevant and not excessive
4. accurate and, where necessary, kept up to date
5. kept for no longer than is necessary for the purpose for which it is being used
6. processed in line with the rights of individuals
7. kept secure with appropriate technical and organisational measures taken to protect the information
8. not transferred outside the European Economic Area (the European Union member states plus Norway, Iceland and Liechtenstein) unless there is adequate protection for the personal information being transferred
Lots more about how to comply with the law here:
Posted February 4, 2008 at 6:33AM
Of TrueCrypt has just been released. If you are at all concerned about sensitive data, it's a good place to start. It is (apparently) US military approved.
I too keep data on my laptop (encrypted) but it is never left unattended...EVER!
Posted February 3, 2008 at 5:59PM
I do have a database of my customers which I carry on a laptop when I'm working. That laptop never leaves my sight.
If the laptop is opened by anyone other than myself, they have to know the Windows logon password.
Basic details, only, are kept; which includes various personal details - which *could* be of potential use to somebody else (fortunately, no bank or similar details). However, any given customer would only ever see their own personal details.
The database is downloaded to my home PC each evening (as a refresher and backup) and that PC is similarly logon protected. My 'office' is monitored in my absence by a webcam and associated security software recording.
All people actively on the database are aware of what their record contains and the associated protection that is applied to their data.
I just hope to goodness that all that would satisfy the powers that be!
This thread has been locked.