RIPA authorisations consultation response - no use of encryption ?
Matthew Pemble
matthew at pemble.net
Mon Nov 9 20:40:05 GMT 2009
2009/11/9 M J D Brown <mjdb at dorevale.demon.co.uk>:
> Another question:
>
> Though the obtaining of material for law enforcement purposes is exempt
> from the usual Data Protection Act rules about obtaining, processing, and
> storing, is it the case that there is no duty of care about safeguarding
> the personal data against unauthorised or inadvertent/improper
> disclosure?

Mike, et al,

As far as I am aware, both principle 6 and 7 continue to apply
regardless of the authority under which you obtain Schedule 2 or 3
compliance. s63(1) should also be noted.

SI2000/417 limits Principle 1 & Schedule 3 s4 & s5.

However, the problem has never been the breach of the DPA - it has
been the lack of meaningful sanctions (except against ICO employees -
I wonder what they were thinking of). This seems to be on the way to
being fixed.

There are no mandated technical or procedural safeguards - although
non-binding ICO guidance is rapidly getting to the point that some
form of encryption will become accepted as a minimal measure.

Matthew
--
Matthew Pemble
Technical Director, Idrach Ltd
Mobile: +44 (0) 7595 652175
Office: + 44 (0) 1324 820690

More information about the ukcrypto mailing list