Hi Christof, Thanks for your reply. I'm comfortable that we are complying with the Act in terms of what data we store, how we use it, who has access, etc. My concern was raised when I saw a comment regarding loss of laptops and data sticks containing unencrypted sensitive personal information and realised that as our data was stored on a laptop in an unencrypted form (although the laptop is password protected) we might not be compliant in that specific area. I've reviewed the data we hold and identified that it is all in the public domain in the form of electoral rolls and telephone directories with the exception of the dates of joining and leaving the organisation - which hardly class as sensitive information. Encryption might just be the icing on the cake :-)
Regards John John Weller 01380 723235 07976 393631 > Hi John, > > a) Please start reading about the data protection act before you do anything. > This is a good introduction: > http://ico.org.uk/Global/~/media/documents/library/Data_Protection/Practi > cal_application/THE_GUIDE_TO_DATA_PROTECTION.ashx > > b) Your approach would not help you in any way to comply with the data > protection act. Compliance is not a matter of technically encrypting data, it's a > whole system that starts with the process, not a technical implementation > detail. You first need to be clear about who is processing and storing which > data for which purpose. > _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
