Page 271 - DCAP104_EXPOSURE_TO_COMPUTER_DISCPLINES
Exposure to Computer Disciplines
7. Ensure the data is kept physically secure
8. Don’t transfer the data outside the European Economic Area unless it is adequately
protected.
(d) You need to be aware of the rights the Data Protection Act grants individuals. These include:
1. The right of subject access, which allows individuals to see the data you hold on
them
2. The right to prevent direct marketing, which means individuals can opt out of
being targeted with direct marketing, either online or by phone or mail. Once an
individual has put their request in writing, you have up to 28 days to stop.
3. The right to have personal information corrected
4. The right to prevent automated decisions, which prevents you from making
decisions on an individual using an automated process or algorithm. For example,
it would be against the law to employ someone based purely on the results of a
psychometric test.
(e) In some cases, you may be required to notify the Information Commissioner’s Office (ICO)
that you are holding data. The ICO allows people to find out what information organizations
are holding on them and what the information is being used for. If you use individuals’
information for any purpose other than staff administration (payroll, etc), marketing or PR
for your own business (rather than selling the information to a third party), or accounts and
records, you will be required to notify the ICO. If you’re at all uncertain, it’s best to contact
the ICO using the contact details below.
(f) Losing data will put your business at risk, so make sure you follow best practice at all times.
If you have any doubts over how you are handling your data, contact the Information
Commissioner’s Office or visit its website.
(g) Carry out a risk assessment to identify physical risks to your data. Could it be affected by
power cuts, theft or fire? Make a plan which details how you will take action if your data
is affected by any of these threats.
(h) Make a list of who has access to sensitive data and who is responsible for inputting it, so
you can identify who you need to train and who is at fault if something does happen to
your data. Make sure these people are aware of the Data Protection Act and know how to
handle data correctly.
(i) It might seem obvious, but run regular virus scans to minimize the risks computer viruses
pose. A recent report indicated more than three quarters of business computers are affected
by viruses - and if your computer is hit by a bad one, the result could be catastrophic.
(j) Implement an IT security policy to make clear to your staff exactly how they should
be handling data. This should include rules on how to handle customer and business
information, limitations on the amount of access your employees have to data, and an
acceptable use policy for the internet and email.
(k) As well as the increased threat of getting a virus, misuse of the internet could have a
damaging effect on your business in other ways—including exposing your business to an
increased risk of legal action, a loss of productivity, and damage to your reputation if one
of your employees sends a badly worded email. Be vigilant on this point and remind your
employees that personal emails represent the company as well as the individual.
(l) Create a data backup routine to make sure your business isn’t affected if something happens
to your servers. This should take place at least once a week, but ideally every day.
LOVELY PROFESSIONAL UNIVERSITY