Home > Ask the Information Security Experts > Information security governance and compliance Questions & Answers > Complying with the UK Data Protection Act of 1998
Ask The Security UK Expert: Questions & Answers
EMAIL THIS

Complying with the UK Data Protection Act of 1998

Alan Calder EXPERT RESPONSE FROM: Alan Calder

Pose a Question
Other Security UK Categories
Meet all Security UK Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 10 January 2008
What are the key things I have to do to comply with the Data Protection Act?


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Information security governance and compliance
Credit card data protection (over the phone)
What are best practices for credit cards in a call centre?
How to achieve laptop data security

Compliance Regulation and Standard Requirements
USB drive security project protects endpoints, aids CoCo compliance
Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list
The basics of enterprise GRC project management
SearchSecurity.co.uk partners with PCI DSS User Group
Council boosts compliance efforts with system log management app
PCI DSS Q&A: Answering your questions
Security budgets take hit in media, tech industry, survey finds
Forrester advises cautious approach to cloud computing services
NHS imposes USB stick security
IAS 6 aims to lock down data from government departments, suppliers

Data Protection Solutions and Strategy
Sourcefire to ignite new offerings for virtualisation security
USB drive security project protects endpoints, aids CoCo compliance
How to enforce an enterprise data leak prevention policy
Companies underestimate Web 2.0, social networking threat, says survey
RSA council addresses growing security risks in the cloud
Attackers use ATM malware to steal track data, PINs
CSA, Jericho Forum unite on cloud computing security message
How to create a data classification policy
Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert
Organizations struggle with data leakage prevention, rights management

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
Basel II  (SearchSecurityUK.com)
EU Data Protection Directive  (SearchSecurityUK.com)
Financial Services Authority  (SearchSecurityUK.com)
UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


There are a number of basic requirements and some that are rather more demanding. As a minimum, every organization that is going to process personal data (and this means any data relating to a living human being, not to an organization) must register with the Information Commissioner (www.ico.gov.uk) and describe, in the registration, what the purpose of processing this data is. It must be a permitted purpose. Registration is annually renewable and, once registered, you must comply with the purposes for which you've registered. That's the easy bit. The more complex bit is, in essence, that you must comply with the eight principles of the Data Protection Act. The eight principles are that personal information must be:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection
  • The ICO has comprehensive information (http://www.ico.gov.uk/for_organisations.aspx) and the BSI Data Protection Guide provides comprehensive guidance.




    Search and Browse the Expert Answer Center
    Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
    Browse our Expert Advice



    Access Management: Authentication, Biometrics, Password Security
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
      TechTarget - The IT Media ROI Experts