HMRC building
The KTN hope the guidelines will prevent information losses on the scale of HMRC

Cyber Security KTN issues privacy guidelines

Tom Young, Computing 23 Apr 2008

Businesses should examine privacy implications at all stages of a project lifecycle


Businesses must meet privacy requirements at four stages of any project lifecycle that may involve personal information, according to a report from the Cyber Security Knowledge Transfer Network (KTN).

In order to protect customer and employee details, privacy must be examined at the initiation, planning, execution and closure of a generic project lifecycle.

This will ensure organisations comply with any future guidelines as well as current ones, according to Nigel Jones, head of KTN.

"Trying to engineer privacy as an afterthought never works," he said. "This is the only way organisations can be sure they are doing the right thing."

The paper recommends that:

- At the project initiation stage high level privacy objectives need to be set - project owners need to be aware of applicable privacy laws and regulations, such as the EU Data Protection Directive and the US Safe Harbour agreement.

- Technology envisaged for use by the project should also be subject to a high level review to ensure that appropriate privacy controls can be implemented.

- At the project-planning stage technologies such as encryption should be considered to protect consumer and client data on storage media, and Privacy Impact Assessments should be carried out.

- Audits and change control procedures should continue after the closure of a project to ensure privacy requirements are continually addressed.

- Organisations should ensure that a senior role is established with overall responsibility for privacy, and ensure that responsibility is not delegated, as in the case of the HM Revenue and Customs lost discs fiasco.

- When a project is decommissioned all relevant information needs to be carefully destroyed.

- Customers should also as far as possible be given the choice of opting out of services that require the collection of additional personal information.

- Systems should have strong access controls, to ensure that personal information is only accessed by those who are authorised to do so. Access should be logged, and logs regularly audited.

- Where possible, personal information should be stored together with metadata that describes it and its intended use.

- Organisations should implement transparent procedures for remediation of errors in personal information, or privacy breaches.

The Cyber Security KTN is run by QinetiQ on behalf of the government’s Technology Strategy Board.
