
Research clinic: Data Security
What requirements are set out in the Data Protection Act 1998?
The Data Protection Act was written to be technology-neutral, so it does not contain specific requirements for data security. What it does say, however, is that appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. What is appropriate will depend on the sensitivity of the data and the risk of harm to individuals should the data be lost, damaged or otherwise mishandled.
What are technical and organisational measures?
Data security will not be the same in any two organisations, but measures can be grouped into four broad categories: organisational security, staff, physical security and computer security.
Organisational security relates to the implementation of an overall security policy with adequate resources and support. Staff issues cover recruitment, training and supervision. Physical security will include access to offices, shredding of documents and the use of locked cabinets for files and laptops.
Finally, computer security is the most rapidly changing of these areas. A state-of-the-art solution is not required, but organisations must take into account technological development when they decide on security measures. Issues will include the use of adequately strong passwords, the encryption of mobile devices and the secure deletion and destruction of information stored on computers.