Role of ICT in data proteçtion.

uaset
modiication,and
loss
communication technology (ICT) security measures are necessay to protect confidential information from unauthorised use.

he hree key elements of an

eflective ICT security system
inc0e
Nonkoring and controling access to confidetial informatbon
Safe transmission of data
Secure storage and
disposal of data
ontoring and controlling access to confidential information
ecurtym e of protective secarity is to ensure access to infomation on a need-to-know basis only. There are a number of technical
Th
These
sUres hat are commonly used to monitor and control access to confidential infommaton, in accordance wh the legal requirements .
measures should be applied for a data integrabion proecs
ASspment of unique personal identification code and a secure means of authentication for system access.
o u n d , access ights and securiy auithorisstions macaged through n acoutable system or recors management proces
Probbools that ensure access rights are not shared with or provided to others.
Adit trails that inchude date and user idéntiication to track and monikor sccess to systems and data and how they are used.
Cconrol mechanisms to prevent unauthorised access, deletsion, modification, duplication, printing or transmission of fles.
Systes maintonanoe plars that provide adequate ongoing resources for seçurly upgrades.

T. safe transmiesion of data

trnemision ofdata,inckuding source data, inkagekeys, aswel asthat sociatedwth remote orelectronic acoesstointegrated datasets,
m a y consideration for data integration projects. The foloing security measures for the traqenission of data are essertial for al data linkage
projects:

Asecure inernet gateway. For high risk projects this gateway must be reviewed annually by the concemed authorities
Encoyption
omation.ot al electonic
Elecronic data transer
data transfer shouldto restrit
only occuraccess to infomation
where there is a securetointernet
suthorised users and prevent deciphering of inkencepted
gateway.

Use
that f
al a courier,i there
infomation aretechnical,
contained secary
on the disc ormedium
or other otherreasons
wil bethat restrictthetranser of dataelectronicaly.Atmedia level,tis epected
en ypted

. Secure storage and disposal of data

The following measures are recommended as best practice to esurethat data is stored and destroyed securely for all data integration projects;

Protocols and control mechanismsto prevent storage ofsensitive or confidertisl infomation on portable devices such asaptops orthurmb
drives unless they are both encrypled and password protected. This requirement is consistent wih the Protective Securiy Framework.
Storage of datasets associated with an intogration project on a password protected stand-atone computer in a secure room or on a
password protecled server on a computer network wih a secure firewal.
To presere privacy and confidentiaity. identilying infomation (such as product name, ingredient name, supplier details, etc) should be
used only orthe purpose of creating linkage keys and not stored on theintegrated dataset, unless speciicaly required and approved for
the project purpose and enabled by management
Project specic inkage kersshoud not enable inksto be established with other datasets or projects. Thecode (agorithm) used to create
linkage keys shoud also be kept confidential to prevent anyone re-identilying records through their knowledge of the key.
Once the approved pupose of the project is met, the integrated dataset and project inkage keys should be destroyed in a way that
compies with secure disposal requirements, unless retention of the dataset is required for long-tem studies

Secure disposal of eecronic records could incude: overwriing records so that the undertying, previously stored data is rendered beyond easy
recovery, delation of backup iies, and for very sensitive infommaton at high risk, degaussing might be considered (this involves demagnetisation
using alternating electric aurentsand renders any previously stored data onthe storage media as unreadable). The reoommended fom of
destruction di paper records or physical media, such as DVDs, is shredding.
 wiy
Stondard Grade Adminisrahion Renlrewahire Coun

DATA PROTECTION ACT 1984

Personal data held on computer, is safeguarded by the Data Prolection Act. This act lays out
rules for the storage and retrieval of personal data stored electronically

The Act has 2 main

provisions
(1) Itrequires that companies who store personal data on
Data Registrar. They must disclose to the Data Registrarcomputer
how
to register with the
how they use it, obtain it and disclose it. they hold the data,

(2 t allows anyone who has their details stored on

find out which
organisation holds data on them and to obtain a computer
to
copy of that data.

The main
requirements of the Act are:
Any electronically stored information must have been come
by legally
The information must be
up-to-date and accurate. t should also be relevant.
Personal data must be held and used
only for the specified purposes.
Data should be stored i a
ensure no
secure system, where measures have been taken o
unauthorised access, alterahion or destruction of the data.
Infomation should not be kept on file for
longer than is necessary
Individuals must have open access to any information held
opportunity to comect or erase any intormation which is notthem and must have
on
he
correct.

Storage&Retrieval of Information Page 8 Core Nokes

 Renfrowahiro Council
Stondard Grode Administrotion

ELECTRONIC STORAGE & RETRIEVAL OF DATA

manual filing systems, more and more
are
use paper based,
Although many organisations still
Electronic Filing ie Databases. A database
is a method of filing,
discovering the advantoges of
instead of in any of the filing systems
USing a computer system. Files are stored on the computer
listed above. There are many advantages of using a database:

stored on
files are hard drives, file
This is a spoce saving method of filing, as all cabinets.
servers or floppy discs which
are much more compact than filing

Files are easihly updoted and edited.

Dotabase hiling con be sofer, as fles can be prolected by passwords.

out if required.
Information is more readily accessed on screen and can be prited
the database, rather than
can be accessed easily by searching
Specific informationsheets
ploughing through of informafion to find the part you need.
order as files can be accessed at
Files do not need to be organised in any particular
the touch of a button.

SECURITY OF COMPUTERISED DATA

data against loss or corruption
Special precoutions must be token to safeguard computerised
and this may entail:

Keeping back up duplicate copies of disks in a secure place.

have access to
Arranging for personal passwords to be used by staf authorised
to
the data. The passwords should be changed regularlyy
The use of codes known only to the users of documents or files.

Locking fles and disks to prevent data beingaltered or added.

Core Notes
Storage&RetrievadofInlormation Page7