Directory of information security policies  
computer security standards and  
information security policy resources  



A growing number of legislative mandates are appearing in the area of information security. Although these cover a variety of issues (computer misuse, etc.), the area attracting the most attention is that of Data Protection.

In Europe, Data Protection Legislation is now fully operable. The UK's Data Protection Act is fairly typical and contains eight Data Protection Principles. These state that all data must be:

- Processed fairly and lawfully
- Obtained & used only for specified and lawful purposes
- Adequate, relevant and not excessive
- Accurate, and where necessary, kept up to date
- Kept for no longer than necessary
- Processed in accordance with the individual's rights (as defined)
- Kept secure
- Transferred only to countries that offer adequate data protection

The legislation underpinning these principles is extremely complex. It is not suitable for direct devolution to all those who may have responsibility for personal data. Nor does it, on its own, provide a measure of compliance. Hence the need for extensive consideration of how to meet its demands.



Copyright © 1993-2001    The Security Policies & Standards Group