Security Policy

A significant part of the data protection act 1998 is the protection and security of data. Data is extremely valuable and the principle of data security is enshrined in the data protection act 1998.

Principle seven of the Act states:

Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

The Information Commissioner’s role is not to punish but to facilitate good practice and management of your data. If you ensure your data is constantly reviewed and managed effectively it will assist in ensuring that you have data protection compliance with the Data Protection Act 1998. The draft security policy will impress the Commissioner and will placate any fears that your customers may have with your ability to secure their data.

Both of the Stay Legal products include a Security Policy which will ensure that you have data protection compliance and avoiding any potential data protection issues outlined above.

Sample Security Policy

We are registered in England and Wales under company number XXX and we have our registered office at XXXX.

The Data Protection Act 1998 and the Information Commissioner requires all Data Controllers to take the issue of security very seriously.

This is the Security Statement of xxxxx Limited.

  1. We have a management and corporate commitment to information security within the organisation and provide clear direction, guidance and responsibilities and procedures in this respect.
  2. The company has a compliance officer who deals with security of information and personal data.
  3. All employees are briefed on the importance of personal data and security and confidentiality of information obtained.
  4. We control physical security in relation to the information and personal data that is contained at our facilities and restrict access to the site, buildings, computer rooms, office desk, technology areas, equipment and other facilities where unauthorised access by people could compromise our security.
  5. All proprietary or confidential information, including personal data ...

Continued...

"Commercial lawyers that provide a no-nonsense creative legal service for creative people"