0845 225 2635

Security measures under the Data Protection Act

Data Controllers must take adequate and appropriate steps to prevent:

  • Unauthorised or unlawful processing of personal data,
  • Accidental loss of personal data; or
  • Destruction or damage to personal data

This duty is particularly onerous on employers and includes the obligation to protect data stored on laptops, mobile phones and tablet computers.

Data Controllers need to take steps to ensure that if there is a chance of a mobile device being lost or stolen that the personal data that may be stored on these devices are encrypted. The Information Commissioner can take steps to issue enforcement notices for this requirement against employers regarding any breaches of this requirement.

Enforcement notices can be to tighten security, introduce encryptions and/or further security measures and will usually give a date by which the notice must be complied with. Should the notice not be complied with then criminal convictions and fines can follow.

Security for personal data needs to be taken seriously and this will also extend to the transmission of personal data to third parties which could be intercepted.

For business law advice call 0114 249 59 69


This website uses cookies to enhance your browsing experience... moregot it