The new measures put data protection firmly on the map for Government,
no longer can they simply download data onto a DVD and put it in the
post; measures actually prevent this taking place; equally the
ubiquitous memory stick is barred.
Government is catching up quickly on the rest of us who had these sort
of preventive measures in place already and were speechless when then
loss occurred. It was even more surprising that the first
batch of disks went missing and a second and third set were sent before
someone owned up to it.
It is interesting to note that the revised ISO9001:2008 now mentions
the protection of both intellectual property and personal data under
the clause 7.5.4 Customer property. It is an indication of just how
important this type of data protection is and how we should all treat
The Data Protection act covers personal data for living people only; it
does not cover company data, unless this data applies to a person
within that company.
Revealing person data in contravention of the act makes the person
releasing then data personally liable. They cannot claim
vicarious liability (putting the blame onto the company). If
the data commissioner prosecutes it can be very serious, with custodial
sentences for serious breaches.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited
an established independent management consultancy based in Essex, UK
which specialises in ISO9001 Quality Management consultancy.