Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Data Protection Act revision driving further compliance requirements

FutureSoft : 08 April, 2009  (Technical Article)
FutureSoft issues warning over the need for companies to be prepared to comply with the latest revisions of the Data Protection Act to be enforced from June
FutureSoft highlights the fact that businesses and financial institutions could face financial penalties if they fail to implement adequate measures to protect sensitive personal information over the next three months. Details of the new civil monetary penalties, in line with internal government targets and ministerial commitments, were due to be published in March, in time for their enforcement by the end of June. However, this date has subsequently passed.

"Businesses need to face up to the challenge of securing sensitive data. It is imperative that they take adequate measures to protect personal data, regardless of the timetable for regulatory sanctions," explains Tim Farrell, FutureSoft CEO and data security specialist . "Recent data loss has seriously harmed the reputation and effectiveness of UK business. Organisations, now more than ever, need to ensure that they take reasonable care to secure sensitive personal data."

Under the new s55A of the Data Protection Act, the Information Commissioner was supposed to have been given the power to impose civil monetary penalties on businesses failing to protect sensitive personal information by implementing reasonable measures, if such data is subsequently lost. Despite Lord Bach's commitment to empowering the data commissioner 'as soon as possible', the provision for statutory penalties has not yet been 'activated' by the necessary statutory instrument. FutureSoft understands that the Ministry of Justice was set an internal target, at ministerial level, to finalise and implement the regime of civil monetary penalties before the parliamentary summer recess, 'at the latest.' Government good practice is to provide statutory guidance twelve weeks before legislation comes into force, the date of which has now passed.

"As a minimum, personal data should be secured from downloading, be adequately encrypted in transit and access, restricted by using the appropriate technology. The reasonable measures demanded by law are likely to entail both intelligent management and the deployment of robust endpoint security,", surmises Farrell.

Lord Bach's commitment and original target was in line with a later recommendation of the House of Lords Select Committee on the Constitution, to implementing the penalties 'as soon as possible'. However, at the beginning of March, Mick Gorrill, the Assistant Data Commissioner, admitted that the maximum penalties had yet to be prescribed, and there is, as yet, no sign of the statutory guidance.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo