Your Systems and Data Protection

Published over 4 years ago by Elkie Holland
CREDIT: Photo from Flickr
CREDIT: Article written for us by ContractLaw

How to ensure your systems stay on the right side of data protection laws

When dealing with IT systems of ever increasing complexity and dynamism, data protection is easy to overlook. However, the consequences of breaching the Data Protection Act 1998 and an investigation by the Information Commissioner's Office are scary. Your organisation could be fined up to £500,000, and the directors held criminally liable. Here are some tips to help you avoid this.

What are the requirements for IT systems under the Data Protection Act?
The Act sets out principles on the use of personal data in both electronic and paper-based systems. In summary, personal data should be:

  • Used for a legitimate purpose
  • Relevant to the intended purpose
  • Accurate and, where appropriate, kept up to date
  • Used in accordance with the rights of the individual
  • Kept secure and held for no longer than necessary
  • Not transferred to a country outside the European Economic Area that does not have adequate data protection laws

For what purposes can personal data be used?
Data must be used in a way compatible with the purpose for which it was provided and which the individual concerned could reasonably expect. For example, in the case of a telecommunications company:
  • It is obvious that they will keep customers' details on file for billing purposes
  • If they diversify into a new kind of telecommunications, it would probably be acceptable to send promotional information to established customers
  • If they wanted to pass customers' details to a sister company in order to promote an unrelated product, explicit consent from the individuals concerned would probably be necessary

What are the security requirements for electronic data?
The Information Commissioner’s Office recommendations include:
  • Using a "layered" approach to security so there are backups if one protection fails (e.g. physical security of the building, virus protection, firewalls and passwords)
  • Segmenting network components (e.g. web server and main file server)
  • Encrypting personal information that would cause damage or distress if lost
  • Limiting staff access to the information they need
  • Encrypting data stored on mobile devices and equipping them with a remote disable or wipe facility in case of loss

When transferring data to third parties like payroll processors and cloud computing providers, your obligations under the Data Protection Act still apply. Make sure the external parties have adequate data protection processes and ideally get written guarantees from them.

How should electronic data be deleted?
The Information Commissioner's Office takes a "realistic" approach to removal of electronic data. They will normally consider data to be deleted where it is "beyond use", meaning:
  • The data will not be used for action affecting the individual concerned
  • It will be kept secure and not provided to third parties
  • It is intended that the data will be deleted permanently when possible

Data Protection Law is complicated and the consequences of getting it wrong are serious. It is strongly advisable to take legal advice when developing and implementing systems that handle personal data.