Security of personal information
23 November 2007
The ICO has published a Good Practice Note aimed at alerting small and medium-sized organisations to the security measures which they should have in place to protect the personal information they hold. The note includes guidance on what the Data Protection Act 1998 require, and where problems often occur in the ICO's experience.
It outlines the action which organisations should consider in respect of the information that they control, including assessing the security measures which need to be in place, reviewing who has day-to-day responsibility for security measures and considering whether any organisational or staff changes are required.