Hitachi Data Systems

HDS Blog - Europe, the Middle East and Africa (EMEA region)

Protecting data to avoid penalties

By: Lynn Collier
on June 15, 2010


The Data Protection Act, which has been in force since 1984, deals with any personal information that is collected or stored on paper and electronically. In April this year, the Information Commissioner’s Office (ICO) dictated that those in breach of the act could be fined up to half a million pounds in addition to the possible undertakings already open to the ICO as penalties.

Technological advances in recent years, such as mobile computing, mean that increasing amounts of data exist in digital form. More technology is now available to enable the storage and sharing of data, increasing the likelihood that it can end up in the wrong hands, so it is essential that organisations have clear, user-friendly security measures and procedures.

There are five main principles that a business needs to adhere to in order to support compliance with data protection legislation:

Technology measures to protect data

Businesses need to look at how they store information and make their long-term data management more robust. For example, as data is generated by the use of multiple applications, it can become siloed and end up in disparate information stores, all managed differently. But if companies make use of technologies that handle and protect their data in a common way across the business, it becomes much easier to enforce policies and audit information to correctly identify whether or not they are supporting compliance with the Data Protection Act.

Records Management to support compliance

Data Protection regulations demand that at any one time a single record can be uniquely identified, so classifying records correctly is essential. Each record, in effect, has a digital fingerprint which identifies exactly what the record is, the most appropriate way to manage it and how to provide access to it.

Protecting your data

Protecting data also means ensuring its integrity. One way to protect against accidental or deliberate overwriting of records is write once, read many (WORM) functionality. Data disposal is just as important. Companies need to implement the right policies to ensure that if data needs to be deleted it can be done safely and in line with appropriate regulations.

Access and retrieval

When considering long-term data management, organisations should look at how data can be retrieved in five, ten or even 25 years’ time, as well as allowing access to the data when necessary. Complete index and search of records ensures data can be accessed by the right people, for the right reasons, at the right time. For example, disk-based recording of data means that customers are guaranteed to be able to access their data cost- and time-effectively. By installing the right infrastructure, an organisation can identify where data is, how it should be stored, protected and preserved, and ensure that it is available for access as and when needed. This, coupled with people and process, is key.

Monitoring and audit

For compliance purposes, it is important to ensure that all data is managed throughout its life and that all actions on the data are logged effectively. In the event that a third party, such as the ICO, needs to audit the records, full disclosure regarding all actions on records stored must be possible.
