About

Pages

Archives

More...

Categories

Subscribe to this blog's feed
Blog powered by Typepad

Become a Fan

« The Importance of Correct Data | Main | Defending your Network Perimeter »

2009.06.23

Data Protection Law

I’d first like to define what is meant by information security and why it is important to all businesses.20090623 Data Protection

Commerce is based on the exchange of either goods or services. Very few business transactions are strictly cash only and therefore the seller usually ends up receiving and storing information about customers.

Some examples of the type of stored customer data include name, postal address, email address and banking details. These details are enough to identify an individual, construct a fault identity or commit fraud against someone.

A business has to assure customers it uses information handling systems that provide the following:
• Confidentiality – personal data is kept securely
• Availability – the company is in operation when expected
• Integrity – claims coming from the company are genuine

Information Security provides businesses with the guidance and skill to fulfil these assurances. The methods used are not all technical. Increasing staff awareness and configuring applications to protect against unauthorised access can be very cost effective.

There are laws governing the protection of information and the correct use of computers. These laws apply to all businesses that collect, process and store information from customers. No business is too small to be exempt.

The Data Protection Act (DPA) is designed to protect the public from misuse of personal data and applies to all businesses that collect, process and store information that can identify a person. The basic principles state that information must be:
• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

Information security is much more than the use of a firewall on a network. The entire system for handling data must be considered. Each point from the perimeter of the network to the data that resides in a file provides opportunity to defend the system from both internal and external threats.

Photo by jsprhrmsn : bcn

Posted by at 10:35 |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.