Data Protection

In: Business and Management

Submitted By Tapiwa
Words 1676
Pages 7
W A T S O N

H A L L

UK data retention requirements information data retention and disposal

Watson Hall Ltd London 020 7183 3710 Edinburgh 0131 510 2001 info@watsonhall.com www.watsonhall.com

Each type of data within an organisation should be identified and classified. Once this has been completed and during periodic reviews, it is necessary to define the retention and disposal policy. Business data records should be assessed for the statutory and legal requirements, business and accountability requirements and the risks associated with keeping or disposing of the data records.
A records management system or schedule of data retention criteria can be used to document the data records, the requirements and the security controls needed for their identification, storage, protection, retrieval, retention and disposal. There are a large number of statutes, case law and regulations defining how long some data must be kept for before it is destroyed — some of which are outlined on the following pages. A few requirements such as records of wages apply to almost all sectors, but we have listed some specific requirements for the communications, financial and governmental sectors. Other sectors have equally important requirements. The exact minimum retention period varies with the specific data type, and the starting date is often context related e.g. period from an event like an accident, retirement or the advertisement of a product. This document is based on the previous work by InTechnology Ltd:
Making Sense of Data Law, A review by InTechnology of legislation and regulation concerning data storage in the UK and Europe http://www.intechnology.co.uk/documents/whitepapers/MakingSense_DataLaw.pdf InTechnology Ltd, April 2004

The chart on the next page summarises this data in the subsequent sections.

P1-2009-3.0

1

Watson Hall Ltd

UK Data Retention…...

Similar Documents

Risk and Protection

...Communities That Care system as a capacity building tool to aid in the Strategic Prevention Framework process. The Strategic Prevention Framework is a 5-step planning process that guides the selection, implementation, and evaluation of evidence-based, culturally appropriate, sustainable prevention activities. Communities That Care is a tool used to guide a community through the assessment and prioritization of risk and protective factors most in need of attention and links those priorities to evidence-based and data driven programming to address them. It is important to remember that the Communities That Care system is simply a tool to aid in building a prevention infrastructure referred to as the Strategic Prevention Framework process. Communities That Care and Strategic Prevention Framework are not programs nor are they administrative names for program implementation. They exist and work together in helping communities get organized, identify problem areas based on community data, make knowledgeable decisions pertaining to how these problems should be addressed, and evaluate any actions taken to counter the problem areas. Each phase of the Communities That Care system fits well into a coordinating phase of the Strategic Prevention Framework process, and it is clear that sustainability and cultural competency as key components to every part of building a prevention infrastructure. This report describes the results of the risk- and protective-factor assessment......

Words: 1700 - Pages: 7

Data Protection

...Date: 06/27/2012 A LONG-TERM STRATEGY FOR DATA PROTECTION AND DISASTER RECOVERY FOR THE BR-DB01 MySQL DATABASE SERVER by Francis Nicholas Introduction This document discusses the recommended option for a long-term strategy for data protection and disaster recovery for the Sentrana MySQL and Infobright databases. After extensive research, the following components will provide for a long-term strategy for data protection and disaster recovery for the MySQL database server: 1. MySQL Master-Slave database server replication[1]. 2. Full daily and a full weekly backup of all databases on the master and slave servers respectively. a. Differential/incremental backups plan is currently under investigation. This is because a lot of articles I came across during my research advised against it due to the nature of its complexity and the level of difficulty in it implementation. 3. A clean up plan[3] that includes the removal of any database backups older than 7 days on the master server and 7 weeks on the slave server respectively. MySQL Master-Slave Database Server Replication The MySQL Master-Slave database server replication enables one database server, called the master, to be replicated to one or more MySQL servers, called slaves[4]. In our case, the master server will start off as the BR-DB01 database server. The server currently acting as Appserver-05 in the MarketMover environment is upgradeable to meet the present system and storage requirements......

Words: 1031 - Pages: 5

Data Protection for Business Continuity

...Outline Database 2 Data Protection for Business Continuity Introduction Motivation Recovery Objective Data Protection Techniques Classes of Data Mapping of Company Size, Classes of Data, and Techniques Denny (denny@cs.ui.ac.id) International Bachelor Program Faculty of Computer Science 2004/2005 Version 1.0 - Internal Use Only DB2/DP/DN/V1.0/2 Introduction Why do we need data protection? SEPTEMBER 11, 2001 = 100 MEGABYTES OF DATA MORE THAN US$ 1 MILLION DATA PROTECTION DB2/DP/DN/V1.0/3 DB2/DP/DN/V1.0/4 1 Why do we need data protection? Causes of unplanned outages (Disaster Recovery Journal, 2001) Why Do We Need High Data Availability? CAN COST 1 HOUR OF DOWNTIME US$ 6.5 MILLION DB2/DP/DN/V1.0/5 DB2/DP/DN/V1.0/6 Why Do We Need High Data Availability? Data Protection and Business Continuity So, in this topic, we will see: techniques to protect data and ensure business continuity when disaster occurs. GLOBALISATION DB2/DP/DN/V1.0/7 DB2/DP/DN/V1.0/8 2 Recovery Objective LAST BACKUP DISASTER OCCURRED SYSTEM BACK TO OPERATION Data Protection Techniques Overview 1. TIME DATA LOSS RECOVERY POINT OBJECTIVE (RPO) RECOVERY TIME OBJECTIVE (RTO) 2. 3. 4. 5. 6. Vaulting Physical: backup to tape Electronic: backup over the Internet Server fortification RAID: same copies, or split into several disks Dual power supplies Network cluster NAS: independent disks connected directly to network SAN: a......

Words: 1858 - Pages: 8

Data Protection and Recovery

...Data Protection and Recovery. Exist several ways to protect our data such having a good firewall to prevent attacks to our network or if we are looking to for a more strong way to protect the data, why not with the server we only give access using the MAC direction, this way only local computers in the network will be capable of accessing to the information in the network, if the server doesn’t recognize the MAC address, the server won’t share the information, this is one way to protect the data and we can combine this method with any other one. Data corruption, having the data storage in any server, can cause data corruption at any time, windows server or third parties software can cause data corruption, the is no 100% method to prevent data corruption, this is why having always a backup of all information is the only way to be sure our data is safe of corruption. To be sure data can be recovery safe and quick, it will be important to have a backup server or RAID system to make sure all our data is getting duplicated, now in days, is not only safe using one method to backup that the data, I will also recommend cloud backup system, these type of backups system can cost a lot money, but data loss in any company can lead to end of any institution. My way to handle the backups will be have a central data sever, where all the information will be send, this data server will a RAID setup, where all the data will be duplicated, with the RAID system backups will complete in real......

Words: 384 - Pages: 2

Data

...Data & Information Define Data: Data is just raw facts and figures it does not have any meaning until it is processed into information turning it into something useful. DATA Information 01237444444 Telephone Number 1739 Pin Number A,C,D,B,A* Grades Achieved At GCSE Define Information: Information is data that has been processed in a way that is meaningful to a person who receives it. There is an equation for Information which is: INFORMATION= DATA + CONTEXT + MEANING DATA 14101066 Has no meaning or context. CONTEXT A British Date (D/M/YEAR) We now know it says 14th of October 1066. Unfortunately we don’t know it’s meaning so it’s still not information yet. MEANING The Battle Of Hastings We now know everything so it can now be defined as information. How Is Data Protected? You’re data is protected by a law called the Data Protection Act this controls how your personal information is used by organisations, businesses or the government. This means legally everyone responsible for using data has to follow strict rules called ‘data protection principles’ there are eight principles. How Your Data Is Protected Use strong an multiple passwords. Too many of us use simple passwords that are easy for hackers to guess. When we have complicated passwords, a simple “brute force attack”—an attack by a hacker using an automated tool that uses a combination of dictionary words and numbers to crack passwords using strong passwords doesn’t mean this can’t happen it just......

Words: 904 - Pages: 4

Protection

...by a partnershp between University of Pennsylvannia and the US government. It consisted of 18,000 vacuum tubes and 7000 resistors. It was developed by John Presper Eckert and John W. Mauchly and was a general purpose computer. "Von Neumann designed the Electronic Discrete Variable Automatic Computer (EDVAC) in 1945 with a memory to hold both a stored program as well as data." Von Neumann's computer allowed for all the computer functions to be controlled by a single source. Then in 1951 came the Universal Automatic Computer(UNIVAC I), designed by Remington rand and collectively owned by US census bureau and General Electric. UNIVAC amazingly predicted the winner of 1952, presidential elections, Dwight D. Eisenhower. In first generation computers, the operating instructions or programs were specifically built for the task for which computer was manufactured. The Machine language was the only way to tell these machines to perform the operations. There was great difficulty to program these computers ,and more when there were some malfunctions. First Generation computers used Vacuum tubes and magnetic drums(for data storage). Second Generation Computers (1956-1963) The invention of Transistors marked the start of the second generation. These transistors took place of the vacuum tubes used in the first generation computers. First large scale machines were made using these technologies to meet the requirements of atomic energy laboratories. One of the other benefits to the......

Words: 749 - Pages: 3

Data Protection

...DATA PROTECTION- what is this act? What it is for? Controls how your personal information is used by organisations, businesses or the government. It also imposes restriction on the transfer of data, also like placing the materials on the web. Everyone responsible for using data has to follow strict rules called data protection principles, they must make sure the information is: * used fairly and lawfully * used for limited, specifically stated purposes * used in a way that is adequate, relevant and not excessive * accurate * kept for no longer than is absolutely necessary * handled according to people’s data protection rights * kept safe and secure * not transferred outside the UK without adequate protection There is stronger legal protection for more sensitive information, such as: * ethnic background * political opinions * religious beliefs * health * sexual health * criminal records State the principles- 1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless – (a) at least one of the conditions in Schedule 2 is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate,......

Words: 1441 - Pages: 6

Data Protection

...Abuse is Suspected Appropriate Responses When Child Maltreatment or Abuse is Suspected BY Victoria Rothwell This is a guide to be aimed and to be used by professionals in which are the appropriate responses for a professional to follow if a child is being maltreated or if abused is suspected to be taking place. It includes the procedures to follow maltreatment is considered, suspected, confirmed or excluded and the roles and responsibilities of the professionals, as well as responding to direct or indirect disclosure. Content Procedures where maltreatment is considered, suspected, confirmed or excluded: * Whistle blowing * Reporting arrangements * Security of records * Sequence of events leading to registration on child protection register or care proceedings Roles and responsibilities: * Following policies and procedures * Observing children and their families and their interaction * How to respond if maltreatment is suspected * What action to take following disclosure * Maintaining confidentiality Responding to direct or indirect disclosure: * Listening skills * Communicating with the child at their own pace and taking them seriously with unconditional acceptance * Reassuring and supporting * Dealing with your own feelings Procedures where maltreatment is considered, suspected, confirmed or excluded Procedures where maltreatment is considered, suspected, confirmed or excluded Whistle Blowing This happens within an organisation,......

Words: 1990 - Pages: 8

Data Protection

...FXT2 Task 2 Follow-Up re: Human Resources Data Modification 1. Identify areas that were not addressed by the IT staff’s response to the incident. Based on the narrative, the only corrective measure the company implemented was PKI. As noted in the original evaluation, several areas need to be addressed: * Climate/culture of the organization * Employee training for social engineering attacks * Positive identification of employees when granting role-based access * Vulnerabilities within and without the network, specifically to sniffers and eavesdropping * The ease with which the employee changed his pay rate, indicating a single system used for HR profiles rather than segregated duties & systems * The PKI that was installed only addressed the HR system, rather than the entire organization Honestly, the whole environment at this company needs a complete evaluation and overhaul! 2. Outline the other attacks mentioned in the scenario that were not noticed by the organization. * Social Engineering * Sniffing/Eavesdropping * Unauthorized Privilege Escalation * Network Penetration * Spoofing a. Describe the nature of the attacks not noticed by the organization. By “the nature of the attacks” I interpret this to mean the source of the attacks, or the skillset required to carry out the attacks. I believe this employee was tenured based on their ability to: * Hack into the HR system * Successfully intercept the email from...

Words: 801 - Pages: 4

Hipa Protection

...HIPPA PII Protection IFSM 201 Due 04 Oct 2015 Everyone has heard about HIPPA, which is the common acronym for the Health Insurance Portability and Accountability Act. This federal regulation has three priorities that focus on are protecting the confidentiality, integrity, and availability (CIA) of patient electronic protected health information (EPHI), guarding against reasonable possible expectable threats to the security or integrity of said EPHI, and protecting EPHI against unauthorized disclosure (National Institute of Standards and Technology, 2008) . The protection of the CIA of EPHI is important because our patients rely on this information’s accuracy and availability in emergency situations for use by medical professionals, while the confidentiality is important to ensure this personal information does not fall into the wrong hands and to ensure the patient’s civil rights are not violated. There have been many recent high level HIPPA violations recently. Some of the most damaging breaches that released the most protected personal information (PII) occurred at the Department of Veterans Affairs. In 2013 one of the largest known EPHI/PII breaches at the VA was discovered through the conduct of a thorough investigation and reported by Steven Marco of HIPAAOne.com that “found there were an astounding 14,215 violations that affected 101,018 veterans and 551 VA employees at 167 facilities since 2010. These violations included using patient......

Words: 989 - Pages: 4

Protection to Bankers

...Protection to Bankers from disclosure of certain information to public  Banking is one of the most risky sectors as far as privacy is concerned due to the highly sensitive and personal nature of information which is often exchanged, recorded and retained. Although India has RBI guidelines and legislations to protect data, this blog post looks at the extent of those protections, and what are the areas that still need to be addressed. Introduction Banking is one of the most at risk sectors for privacy violations due to the sensitive, and highly personal nature of information that is exchanged, recorded, and retained. Individuals must trust banks with personal identifying information, their financial records, the access information to their accounts,  and their credit history. Thus, privacy violations are not taken lightly and heavily impact the individual whose privacy was violated. Ways in which a violation of privacy can take place in the banking sector include: sharing personal information with third parties without consent  for marketing purposes, stolen or lost banking number or card, sharing personal information or allowing access to third parties without informed consent, inadequate notification  to an individual concerning what will be done with their data, collecting more personal data than is necessary, refusal to provide financial records upon request by client, incorrectly recording personal information, and loss of  a clients personal data due to improper......

Words: 2508 - Pages: 11

Data Protection Principles

...Data Protection Act 1998 – The Principles explained Introduction There are eight guiding principles to the Data Protection Act 1998 (DPA) which the council must adhere to when processing personal data. The DPA defines processing as obtaining, organising, adapting, accessing, using and deleting. 1. First Principle “Personal data shall be processed fairly and lawfully” In order to comply with the first principle; one of the following conditions from Schedule 2 must be met if personal data is being processed: 1. The ‘data subject’ has given their consent 2. The processing is necessary a. For the performance of a contract to which the data subject is party, or b. For the taking of steps at the request of the data subject with a view to entering a contract 3. The processing is necessary to comply with legal obligation 4. The processing is necessary in order to protect the vital interests of the data subject 5. The processing is necessary for the Administration of justice 6. The processing is necessary for the legitimate interests of the data controller (except where unwarranted because of prejudice or legitimate interests of data subject) 2. Second Principle ‘Personal data shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with those purposes’ To comply with the second principle, the council must inform the Information Commissioner of all the purposes for which it processes......

Words: 887 - Pages: 4

Data Protection Act 1998

...Data Protection Act 1998 The data protection controls how your personal information is used by the government, organisations and businesses. this is the main piece of legislation that governs the protection of personal data in the UK. There are strict rules that should be followed by everyone responsible for using data. These rules are called ‘data protection principles’ * The data should not be kept for longer than its necessary * It only should be used for the specific purpose and nothing more * It must be used fairly and lawfully * Must be used in a way that is adequate, relevant and not excessive * It must be kept safe and secure * It must be handled according to people’s data protection right * It must not be transferred outside the European Economic Area without adequate protection There is stronger legal protection for more sensitive information, such as: * ethnic background * political opinions * religious beliefs * health * sexual health * criminal records The data protection gives the right to any person to know what information the government or other organisations have about them. People can send a letter to the desired organisation and ask them about what information they have about them. the organisation is legally required to give a copy of the information to the person who’s asked for it. However, there are some situations such as * the prevention, detection or investigation of a crime *......

Words: 326 - Pages: 2

Quantitative Qualitative • Method • Method O Protection of Human Rights O Protection of Participants’ Rights O Research Design O Research Design and Research Tradition O Population and Sample O Sample and Setting O Data

...analysis; comprehending, synthesizing, theorizing and recontextualization, the last two stages of which are reported in this paper, as well as some of the suggestions made by Burnard (1991) on the process of funnelling and collapsing, which are integral to the theorizing stage of this framework. Morse and Field (1996) identify theorizing as the ‘sorting’ stage of data analysis where meaning is attributed to the themes which emerge from the Ó 2007 Blackwell Publishing Ltd, Journal of Clinical Nursing, 16, 1134–1140 Surgical nursing sorting process. Recontextualization is the final stage concentrating on the development of emergent theory based on the propositions derived from the preceding analytical process. Making patients better poorly people, but the majority of people are quite well really, they have broken bones and they get better and I think its quite easy to meet people’s outcomes on an orthopaedic ward. (IA) (Laughs) The cheeky answer is that if you get a patient you don’t like you know you’re going to get rid of them fairly soon. But I like the Findings Initial analysis of data during the theorizing stage focused on manifest analysis of the general background questions and common themes present in all interviews. This clearly established that all participants had actively chosen to work in a surgical clinical area and preferred working in this area over all other clinical areas they were familiar with, although some had experience......

Words: 5044 - Pages: 21

Computer Protection

...many important information or data are saved in the computer. Such as your diary, the financial situation of a oil company or some secret intelligence of the military department. A lot of important information can be found in the memory of computer. So, people may ask a question: Can we make sure that the information in the computer is safe and nobody can steal it from the memory of the computer? Physical hazard is one of the causes of destroying the data in the computer. For example, send a flood of coffee toward a personal computer. The hard disk of the computer could be endangered by the flood of coffee. Besides, human caretaker of computer system can cause as much as harm as any physical hazard. For example, a cashier in a bank can transfer some money from one of his customer's account to his own account. Nonetheless, the most dangerous thief are not those who work with computer every day, but youthful amateurs who experiment at night --- the hackers. The term "hacker "may have originated at M.I.T. as students' jargon for classmates who labored nights in the computer lab. In the beginning, hackers are not so dangerous at all. They just stole computer time from the university. However, in the early 1980s, hackers became a group of criminals who steal information from other peoples' computer. For preventing the hackers and other criminals, people need to set up a good security system to protect the data in the computer.......

Words: 2167 - Pages: 9

HD Bilal: A New Breed Of Hero | #191.5 - The Death of Ye Zong (Part 2) 09-18-2018 | 10591479_home_porn_videos_of_a_naughty_girl_720p (homeporn tv) mp4