Data Protection
Following hard on the heels of the loss of 25 million child benefit records the Government agency, HMRC is to introduce some strict measures to prevent this type of loss in future; some would say this is shutting the stable door but better late than never is what I say.
The new measures put data protection firmly on the map for Government, no longer can they simply download data onto a DVD and put it in the post; measures actually prevent this taking place; equally the ubiquitous memory stick is barred.
Government is catching up quickly on the rest of us who had these sort of preventive measures in place already and were speechless when then loss occurred. It was even more surprising that the first batch of disks went missing and a second and third set were sent before someone owned up to it.
It is interesting to note that the revised ISO9001:2008 now mentions the protection of both intellectual property and personal data under the clause 7.5.4 Customer property. It is an indication of just how important this type of data protection is and how we should all treat it.
The Data Protection act covers personal data for living people only; it does not cover company data, unless this data applies to a person within that company.
Revealing person data in contravention of the act makes the person releasing then data personally liable. They cannot claim vicarious liability (putting the blame onto the company). If the data commissioner prosecutes it can be very serious, with custodial sentences for serious breaches.
The new measures put data protection firmly on the map for Government, no longer can they simply download data onto a DVD and put it in the post; measures actually prevent this taking place; equally the ubiquitous memory stick is barred.
Government is catching up quickly on the rest of us who had these sort of preventive measures in place already and were speechless when then loss occurred. It was even more surprising that the first batch of disks went missing and a second and third set were sent before someone owned up to it.
It is interesting to note that the revised ISO9001:2008 now mentions the protection of both intellectual property and personal data under the clause 7.5.4 Customer property. It is an indication of just how important this type of data protection is and how we should all treat it.
The Data Protection act covers personal data for living people only; it does not cover company data, unless this data applies to a person within that company.
Revealing person data in contravention of the act makes the person releasing then data personally liable. They cannot claim vicarious liability (putting the blame onto the company). If the data commissioner prosecutes it can be very serious, with custodial sentences for serious breaches.
Posted: Wednesday, 11 February 2009
1 Comments:
With all the public chatter about security of data, and the data protection act, one point has been missed from the loss of government data - that it is covered by the Official Secrets Act, where simply behaving carelessly with such informaion is a breach and prison is the probable outcome of a conviction.
Ed.
Post a Comment