Des Browne in parliament

Mark Lomas ukcrypto at chiark.greenend.org.uk
Tue, 22 Jan 2008 09:49:26 +0000



On 21/01/2008, Peter Tomlinson <pwt@iosis.co.uk> wrote:
>
> Des Browne still doesn't understand, because (at about 4.50 pm) he has
> just been going on about policies and procedures. It should not have
> been technically possible for the lost MoD data to be loaded into the
> now lost laptop, just as it should not have been possible for an HMRC
> official to copy that child database to CDs.


Just to emphasise Peter's point, here is the corresponding section of the
Data Protection Act:

"Appropriate technical and organisational measures shall be taken against
unauthorised or unlawful processing of personal data and against accidental
loss or destruction of, or damage to, personal data" (Schedule 1, Part I,
The Principles, No 7).

Schedule 1, Part II, sections 9 to 12 explain how to interpret this.  I
would draw particular attention to sections 9 and 10.

"9. Having regard to the state of technological development and the cost of
implementing any measures, the measures must ensure a level of security
appropriate to—
  (a) the harm that might result from such unauthorised or unlawful
processing or accidental loss, destruction or damage as are mentioned in the
seventh principle, and
  (b) the nature of the data to be protected.

10. The data controller must take reasonable steps to ensure the reliability
of any employees of his who have access to the personal data"

        Mark
