Data Protection: The Physical Security Aspects
By Orlando Barry
Sep 15, 2014
As a business, you will no doubt be well aware that you have responsibilities under the Data Protection Act. You will know there are eight principles to adhere to, including the fair processing of data, ensuring its accuracy and keeping it up to date, and making sure it is relevant to its purpose.
Principle 7 of the Data Protection Act states that ‘appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’.
Appropriate Security a Must to Prevent Data Compromise
In terms of data security, many businesses prioritise technical measures, such as network security. But physical security measures are just as important. As detailed by the Information Commissioner’s Office (ICO), in practice you must have ‘appropriate security to prevent the personal data you hold being accidentally or deliberately compromised’.
The ICO website outlines four main guidelines that businesses should follow to ensure compliance with the Data Protection Act. Two of these are:
- Designing and organising your security to fit the nature of the personal data you hold and the harm that may result from a security breach; and
- Ensuring you employ the right physical and technical security.
Security Must be Appropriate to Circumstances
The type of security measures you have in place is not defined by the Data Protection Act. What the ICO does say is that security measures should be appropriate to your circumstances and that management and organisational security measures are equally important.
The ICO also says that physical security should include ensuring good quality doors and locks are in place, and that intruder alarms, CCTV and security lighting should be implemented where appropriate. The control of access to premises and the way portable equipment is stored are also factors to take into account. Also think about how visitors to your premises are supervised and how confidential waste is disposed of.
Data Protection Act Responsibilities
You can read more about your responsibilities under Principle 7 of the Data Protection Act here. If you have concerns about information security, we can help with the physical side. Follow these links for more information or get in touch for expert advice that’s tailored to your business.