On 13/03/2014 06:21, Christof Wollenhaupt wrote:
Hi John,
a) Please start reading about the data protection act before you do
anything. This is a good introduction:
http://ico.org.uk/Global/~/media/documents/library/Data_Protection/Practical_application/THE_GUIDE_TO_DATA_PROTECTION.ashx
b) Your approach would not help you in any way to comply with the data
protection act. Compliance is not a matter of technically encrypting data,
it's a whole system that starts with the process, not a technical
implementation detail. You first need to be clear about who is processing
and storing which data for which purpose.
True, but 90% of Data Protection legislation is ludicrously over the top
for a small group/club/society, this is to some extent recognised by the
'not for profit' exemption from registration (qv).
If you need to do anything then simple precautions should be adequate - e.g.
# use a truecrypt volume
# keep your dbf's on a usb stick and lock it up when not in use.
# do a simple hash/de-hash in program for any sensitive fields** - I
have used a plain xor with a substring of a string that happens to be in
the program already - you won't keep out the NSA whatever you do; you
are not going to be subject to serious commercial espionage, you just
need to keep out nosey parkers!
** ICO only says "Encrypt any personal information held
electronically that would cause damage or distress if it were lost or
stolen."
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
