United Kingdom Data Privacy Laws
UK Data Protection Act
The United Kingdom (UK) and European Union (EU) have strict data protection regulations and security requirements surrounding the use of cloud-based software solutions.
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament that defines UK law on the processing of data about identifiable living people. It is the main piece of legislation governing the protection of personal data in the UK, and its intent is to protect individuals against misuse or abuse of information about them. The first Data Protection Act was passed in 1984; the 1998 Act replaced it in order to implement the EU Data Protection Directive (95/46/EC). Note that the 1998 Act has since been repealed and replaced by the Data Protection Act 2018 and the UK GDPR, so the specifics below describe the regime as it stood when this page was written.
The Data Protection Act places clear demands on those holding personal data in terms of the security that must be applied to protect it, and meeting those demands requires a wide range of security measures. Among the Act's eight data protection principles, personal data must:
be processed fairly and lawfully.
be processed in accordance with the rights and freedoms of data subjects.
be protected by appropriate technical and organizational measures against unauthorized or unlawful processing and against accidental loss, destruction or damage.
not be transferred to a country or territory outside the European Economic Area (EEA) unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
The Information Commissioner’s Office (ICO) is the UK’s independent authority for information rights; its stated mission is to “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals”.
The Commissioner’s decisions are subject to the supervision of the Courts and the Information Tribunal.
For cloud-based applications, the ICO has published Guidance on the Use of Cloud Computing, which clarifies how data protection responsibilities apply to cloud services and applications. Most importantly, responsibility for data protection remains with the data controller even when processing is outsourced to a cloud provider, and particular consideration should be given to mitigating the security risks relating to personal data. Foreign law enforcement agencies may have the power to demand access to personal data stored in a data center within their jurisdiction. Failing to protect personal data can result in an ICO monetary penalty.
The UK Government enforces a policy on classifying sensitive government data to ensure it is properly protected. Under the Government Security Classifications Policy, information is classified into three tiers: OFFICIAL, SECRET or TOP SECRET.
More on Europe & Info Security
The European Network and Information Security Agency (ENISA, known since 2019 as the European Union Agency for Cybersecurity) is dedicated to preventing and addressing network and information security problems. ENISA also assists the European Commission in updating and developing European Community legislation in the field of network and information security. As such, it is the ‘pace-setter’ for information security in Europe and a center of expertise. ENISA is overseen by a management board composed of representatives from the EU Member States, the European Commission and other stakeholders. Together with the EU institutions and the Member States, ENISA seeks to develop a culture of network and information security for the benefit of citizens, consumers, business and the public sector in the European Union.
The Blue Coat Cloud Data Protection Gateway allows data controllers to configure their cloud systems with the appropriate data protection protocols that overcome the primary residency and security obstacles. Contact us to learn more about how we can help.