What's your Exit Strategy?

The following extract is taken from a paper delivered by Mr Ian Williams – Lead Policy Officer – Information Commissioner's Office titled "The ICO perspective on asset disposal" original source 

Data Protection Act 1998 – Schedule 1, Part 1, Principle 7

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

What does principle 7 mean in practice?

Organisational measures data-protection-185

Technical measures

Managing the lifecycle harddrive overwrite

Data controller and processor relationship

Data Controller (End User) ico logo

Processor (Third Party Contractor)

Lessons learnt

In addition to Principle 7 Data Controllers should also be mindful of Principle 5, stock piling data devices intended for destruction could result in a breach against Principle 5. 

Data Protection Act – Schedule 1, Part 1, Principle 5

Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Find Out More

Come and Meet The Regulators - March 14th 2013 - Ricoh Arena, Coventry

This seminar is FREE for Persons involved / responsible for disposing of redundant IT Equipment  Find Out More!

Onsite Data Destruction.co.uk is a member of Advanced Digital Dynamics Group, committed to helping you Protect your Data and therefore Protect your Reputation.