
Data Protection Act – PCs

If you handle personal information about individuals, you have a number of legal obligations to protect that information under the Data Protection Act 1998. The act includes sections covering access requests from individuals about whom you hold data, sending data overseas, loss of data and information auditing.

The act is far too large for us to cover in one article, so in this series we’ll be taking a look at some of the key areas with regard to IT security. In this article we’re looking specifically at desktop PC and laptop security.

The Data Protection Act states that appropriate security measures must be taken against unlawful or unauthorised processing of personal data and against accidental loss of, or damage to, personal data. These include both technical measures, e.g. data encryption and the regular backing-up of data files, and organisational measures, e.g. staff data protection training. To that end we recommend that the following measures be taken by all organisations, irrespective of business size:

  1. Ensure all IT systems are protected from the Internet via a modern firewall and an intrusion detection and prevention system (IDP). Ensure the firewall is correctly configured and that unused ports are blocked and monitored.
  2. Ensure all computers are protected with anti-virus software that is up to date and licensed.
  3. Ensure that Windows is configured to update itself and that all software requiring updates is patched regularly. Programs such as Adobe, Java and iTunes should be updated when security patches are released.
  4. Ensure that sensitive data on desktop machines and laptops is encrypted. Computers do get stolen (especially laptops) and encryption can prevent data getting into the wrong hands if a machine is lost or stolen.
  5. If data is stored on removable media, such as a USB flash drive, then ensure that data is also encrypted. USB drives are easy to misplace and encryption protects the data they contain.
  6. Ensure data is backed up and that backups are stored off-site or somewhere safe from theft and fire. If data is sensitive consider encrypting backups.
  7. When computers or storage media are disposed of, ensure that all data is destroyed. Do not assume that data can’t be recovered from a failed PC, as the drive is most likely intact.

Many of these tips are simple and cheap to implement and no business should ignore them. By failing to implement one or more of these guidelines you risk falling foul of the Data Protection Act should data be lost or stolen. By following them, and keeping abreast of the latest security concerns, you ensure that you comply with your legal obligations and protect your business from repercussions should the worst occur and data be lost or stolen.

In the next article we’ll be looking at server security and shared information stores. How do you ensure personal data remains secure in a business where multiple employees have access to that data?

Posted on by Tim