Directory of information security policies
|Directory of information security policies and information security policy resources|
A growing number of legislative mandates are appearing in the area of information security. Although these cover a variety of issues (computer misuse, etc) the area attracting most attention is that of Data Protection.
In Europe, Data Protection Legislation is now fully operable. The UK's Data Protection Act is fairly typical and contains eight Data Protection Principles. These state that all data must be:
- Processed fairly and lawfully
- Obtained & used only for specified and lawful purposes
- Adequate, relevant and not excessive
- Accurate, and where necessary, kept up to date
- Kept for no longer than necessary
- Processed in accordance with the individuals rights (as defined)
- Kept secure
- Transferred only to countries that offer adequate data protection
The legislation underpinning these principles is extremely complex. It is not suitable for direct devolution to all those who may have responsibility for personal data. Nor does it, on its own, provide a measure of compliance. Hence the need for extensive consideration of how to meet it's demands.
HOME ~ WEBLINKS ~ CONTACTS
==> SOFTWARE DOWNLOAD AREA <==
Copyright © 1993-2001 The Security Policies & Standards Group