DPA compliance not a black and white process
This article is part of the IT in Europe issue of June 2011
The problem with the Data Protection Act, from a practical point of view, and in contrast to US-originated compliance standards like PCI DSS, is that the DPA does not contain a list of detailed, specific requirements that every organisation can decide are either applicable or not applicable, and, if they are applicable, tick off as having been complied with. The problem with a tick box approach is that, where data security is concerned, one size definitely does not fit all. Threats evolve, and not all vulnerabilities are common. Compliance can be expensive and, if it is to be enforced, needs to be backed by an adequately resourced and aggressive regulator. The UK’s ICO is neither adequately resourced nor aggressive. However, it will pounce on obvious negligence, particularly in the public sector. The trick with the DPA, therefore, is to keep out of trouble, not to look for a detailed compliance checklist. Complying with the DPA is a process that can be broken down into three discrete stages. The first is simple: Do those things ...
Features in this issue
Products to secure smartphones and cloud computing are in short supply.
For DPA compliance, a ‘tick-box’ approach is not an option. Therefore, the trick is simply to keep out of trouble and avoid obvious negligence. Alan Calder explains how.
News in this issue
Can organisations expect a more prescriptive Data Protection Act in the future? UK Bureau Chief Ron Condon examines the law's prospects.
The Kaspersky kidnapping serves to remind that threats to some information security pros involve more than stolen credit card details.