The seventh data protection principle of the Data Protection Act refers to appropriate security measures being taken to protect unauthorised or illegal processing.
All personal data, whether manual or electronic, must be kept secure to prevent accidental loss, damage or destruction. The extent of the security measures required will depend on the sensitivity of the data. Information security breaches can cause real harm and distress to the individuals they affect – lives may even be put at risk. Not all security breaches have such grave consequences, or course. Many cause less serious embarrassment or inconvenience to the individuals concerned.
Advances in technology have allowed us to process more and more personal data, and to share information more easily. This has obvious benefits when collecting and sharing personal data in accordance with the data protection principles, but it also gives rise to equally obvious security risks. The more information is exchanged, the greater the risk that the information will be lost, corrupted or misused.
It is vital that you understand the importance of protecting personal data and are familiar with our security policies. Start off by reading the basic dos and don'ts of information security.
What happens when things go wrong and data gets lost
A number of high-profile losses of large amounts of personal data have brought attention to the issue of information security since April 2010; when the Information Commissioners Officer (ICO) was authorised to issue monetary penalty notices by virtue of s55A of the Data Protection Act 1998, this section, inserted by the Criminal Justice and Immigration Act 2008.
The Commissioner may, in certain circumstances, where there has been a serious contravention of section 4(4) of the Data Protection Act, serve a monetary penalty notice to the data controller requiring the data controller to pay a monetary penalty of an amount determined by the Commissioner and specified in the notice but not exceeding £500,000.
KCC Information Security Policy : http://knet/ourcouncil/Policies/Information%20security%20policy.pdf
KCC Information Security Incident Protocol : http://knet/ourcouncil/Policies/Information%20security%20incident%20protocol.pdf