Focus on data protection
Keep it secure
Follow basic steps to keep personal information safe to avoid breaching the Data Protection Act, says David Hall
In the final article in our series on the Data Protection Act 1998, we look at Principles 7 and 8.
Principle 7 says: maintain technical and organisational measures to prevent unauthorised or unlawful processing of personal data and its accidental loss, destruction or damage.
What it means for you: in a typical example, an NHS Trust was found to be in breach of the DPA when a human resources worker transferred sensitive personal data to a home computer that was not protected by a password or encryption. This sort of breach can attract serious penalties.
Organisations must have effective measures to safeguard both hard and soft copies of personal data. Set these out as easy-to-follow procedures and train staff to use them.
Steps to protect data include:
- Locks on desks/cupboards where hard copies are held
- Shredding documents
- Entry controls installed in places where sensitive data is held
- Rules for staff about transferring data when out of the office
- Use of encrypting software on any portable or mobile devices.
Principle 8 says: data shall not be transferred outside the European Economic Area unless there is adequate protection.
What it means for you: don’t transfer data to a country without data protection laws equivalent to those in the UK. Anywhere in the EEA is ‘safe’, but if you are transferring data elsewhere, including where hosting services are in a non-EEA country, you should seek advice about whether that country has sufficient protection.
David Hall is a senior associate at Anthony Collins
david.hall@anthonycollins.com