Wednesday 10 December 2008, 10:43 PM
Compliance – Part 2a: Data Protection
Complying with the Data Protection Act (DPA), like most compliance tasks, is part government-imposed chore and part something you really should be doing anyway, as much because of the risk to the business when data leaks as for the pain inflicted on those affected.
It is regulated by the Information Commissioner's Office (ICO); of all the government agencies I deal with, I've found their phone line the best informed and most helpful. Before tackling any aspect of data protection I recommend calling them on 08456 30 60 60 for an informal run-through of how the Act affects you.
The Data Protection Act affects most businesses that store personal information. Complying with its eight principles is aided by a wealth of useful information on the Information Commissioner's website. Browse through the guidance notes and Codes of Practice available there to find information relevant to your business.
Although in most cases a full-blown data protection audit is overkill for a very small business, some of the forms and checklists in the annex of the Data Protection Audit Manual offer a systematic way of reviewing areas that might need attention.
It's also worth knowing that if you fax, call or mail-shot, you may be required to clean your database of contacts who have registered with the Mail, Fax or Phone Preference Services. These services maintain lists of businesses and consumers who have opted out of unsolicited marketing messages; there is, though, no need to remove customers or those who have previously requested information from you. The Fax and Phone Preference Services are governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003 and enforced by the ICO.
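The database clean described above is easy to get wrong in two ways: numbers stored in different formats fail to match the preference-service extract, and a blanket delete removes existing customers you were allowed to keep. The following is an added example, not part of the original post and not code from the ICO or the preference services: it normalises UK numbers before comparing them and tests the customer / prior-request exemption before the suppression lists. All contact records and the TPS/FPS entries are constructed for the example (they use Ofcom's reserved fictional number ranges); the table and column names are my own assumptions.

```python
import re
import sqlite3

# Constructed sample data (not real preference-service records). The numbers
# are from Ofcom's reserved fictional ranges and match nothing real.
CONTACTS = [
    # id, name, phone, fax, is_customer, requested_info
    (1, "Acme Ltd",    "020 7946 0123",       "020 7946 0124", 0, 0),
    (2, "Bloggs & Co", "+44 (0)161 496 0000", None,            1, 0),
    (3, "C. Jones",    "0117 496 0200",       "0117 496 0201", 0, 1),
    (4, "D. Smith",    "01632 960 001",       "01632 960 002", 0, 0),
    (5, "E. Ltd",      "01632 960 100",       None,            0, 0),
]
TPS_SAMPLE = ["02079460123", "0161 496 0000"]   # constructed TPS extract
FPS_SAMPLE = ["+44 1632 960002"]                # constructed FPS extract


def normalise_uk_number(raw):
    """Reduce a UK phone/fax number to a bare national-format string so that
    '+44 (0)20 7946 0123', '020 7946 0123' and '02079460123' compare equal.
    Returns None for an empty value."""
    if not raw:
        return None
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("44"):
        # international form: drop the country code and any '(0)' trunk digit
        digits = "0" + digits[2:].lstrip("0")
    return digits or None


def build_db(contacts=CONTACTS, tps=TPS_SAMPLE, fps=FPS_SAMPLE):
    """Load the contact list and the two suppression lists into an in-memory
    SQLite database (assumed schema), normalising every number on the way in."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, phone TEXT,
                               fax TEXT, is_customer INTEGER, requested_info INTEGER);
        CREATE TABLE tps (number TEXT PRIMARY KEY);
        CREATE TABLE fps (number TEXT PRIMARY KEY);
    """)
    conn.executemany(
        "INSERT INTO contacts VALUES (?, ?, ?, ?, ?, ?)",
        [(i, n, normalise_uk_number(p), normalise_uk_number(f), c, r)
         for i, n, p, f, c, r in contacts])
    conn.executemany("INSERT OR IGNORE INTO tps VALUES (?)",
                     [(normalise_uk_number(n),) for n in tps])
    conn.executemany("INSERT OR IGNORE INTO fps VALUES (?)",
                     [(normalise_uk_number(n),) for n in fps])
    return conn


# The exemption is tested first, so a registered number never suppresses an
# existing customer or someone who asked you for information.
SCREEN_SQL = """
SELECT c.id, c.name,
       CASE
         WHEN c.is_customer = 1 OR c.requested_info = 1
              THEN 'keep: existing customer or prior request'
         WHEN c.phone IN (SELECT number FROM tps) THEN 'suppress: on TPS'
         WHEN c.fax   IN (SELECT number FROM fps) THEN 'suppress: on FPS'
         ELSE 'keep: not registered'
       END AS decision
FROM contacts c
ORDER BY c.id
"""


def screen(conn):
    """Return {contact_id: decision} for the whole contact list."""
    return {cid: decision for cid, _name, decision in conn.execute(SCREEN_SQL)}


if __name__ == "__main__":
    for cid, decision in screen(build_db()).items():
        print(cid, decision)
```

Running it flags contact 1 (TPS) and contact 4 (FPS) for suppression and keeps contacts 2 and 3 because of the existing relationship, even though contact 2's number is on the constructed TPS extract. The screen reports a decision per contact rather than deleting, so the result can be reviewed and recorded before any records are removed.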
If you're wondering whether you have the time for all this, try an excellent form of disaster planning I recently came across. Imagine you come into work to find a worst-case scenario: say the fraud squad is searching the office while you fight your way in past a crowd of baying tabloid hacks. Now try to imagine what happened.
Tomorrow in part B: Forensic readiness planning