( 1 Vote )
March 2010 was the last month before a number of changes to the penalty and enforcement rules are expected to the Data protection act, (including custodial sentences and far heftier fines), and it was local government and Finance/Insurance houses that came out badly. With 3  reported breaches  to each industry it was an unwanted draw, although hospital trusts will be happy to have  avoided recognition this month. What is most interesting however is the range of risks exposed. We had the usual lost Laptops and memory sticks but we also had wider process failings and a return of the age old "lost tape"

Concerning the process failing I have long advocated businesses reviewing how information is processed and managed through an organisation and generating a process map/ information flow policy.

 

 

For some of us it is exciting when a new computer arrives but quickly we realise that we will need to install all our applications again and then copy all our documents to the new system.  This can be a huge task but once this is done the job is still not complete, we still need to erase the data from the old computer.

 

Using production data for test and development could be illegal under the Data Protection Act or European Human rights laws, however what are the alternatives?

Three choices are available; create new data, encryption/scrambling and masking.