Timing is Everything
Nov. 21st, 2007 11:56 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
major_clangerThis week's topic in my IT Law course is - wait for it - data protection.
As part of my homework, I've just read the Data Protection Act (yes, the exciting, sexy life of an IP/IT lawyer-to-be!). Schedule 1, Article 7:
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
Schedule 2 amplifies this as follows:
"Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to—
(a)the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage as are mentioned in the seventh principle, and
(b)the nature of the data to be protected.
The data controller must take reasonable steps to ensure the reliability of any employees of his who have access to the personal data."
I'll leave it as an exercise for the reader to comment on whether bunging a CD with 25 million records on it in the routine mail was either use of suitable security measures or the act of a reliable employee.
As part of my homework, I've just read the Data Protection Act (yes, the exciting, sexy life of an IP/IT lawyer-to-be!). Schedule 1, Article 7:
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
Schedule 2 amplifies this as follows:
"Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to—
(a)the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage as are mentioned in the seventh principle, and
(b)the nature of the data to be protected.
The data controller must take reasonable steps to ensure the reliability of any employees of his who have access to the personal data."
I'll leave it as an exercise for the reader to comment on whether bunging a CD with 25 million records on it in the routine mail was either use of suitable security measures or the act of a reliable employee.
