Security of Personal Data
All reasonable steps should be taken to ensure that personal data is secure.
The following steps are suggested:
- Access to computer files should be restricted using privilege levels and passwords.
- Regular password changes should be enforced and the number of attempted logins limited.
- Equipment should be sited in a secure location where access can be restricted to authorised personnel. Members of the public should not be able to view terminal screens.
- Terminals should not be left unattended and should be logged off at the end of the session.
- Redundant data should be wiped or overwritten.
- Appropriate backup and storage procedures should be observed.
- Floppy disks should be locked up after use.
- For large amounts of sensitive data, it might be necessary to keep a copy in a fireproof safe at a separate location.
- Network systems can be accessed by experienced persons. Whenever possible, personal data should be encrypted to prevent unauthorised access.
- Computer printout containing personal information should be shredded before disposal; it should not be used as scrap paper.
The motto is 'Log-off, Switch off, Lock up'.
This page was compiled by Igor WOWK, Data Protection Officer for C.U.E.D.