Security professionals should prepare for more legislation

Security professionals need to be prepared for the effects of the latest wave of information security legislation to hit the UK in April 2010, says a privacy and information lawyer.

Information security law has been moving at "Olympian pace" since HMRC disclosed the loss of the personal details of 25 million people last year, said Stewart Room, partner at law firm Field Fisher Waterhouse.

Since then there has been a quick succession of regulations and laws relating to information security leading up to the Coroners and Justice Act of November 2009, he told the (ISC)² Secure London Seminar.

From April, this Act gives the Information Commissioner's Office powers that will eventually touch every organisation in the country, said Room.

This includes the power to conduct information security audits and impose fines of up to £500,000 for serious data losses.

Information security professionals need to be aware of the potential organisational and personal consequences of failing to ensure secure information systems, said Room.

In this sense, he said, the term "information systems" includes security policies and governance processes, which means security professionals who fail to ensure these meet the requirements of law could expose themselves and their organisations to punitive action.

A unified security policy that includes several key elements covered by the new legislation will provide quick wins for security professionals and their organisations ahead of 6 April, he said.

A unified data security policy must deal with:

• Contract initiation - data handling rules and procedures

• Protect initiation - data handling rules and procedures

• Worker adequacy - skills, security clearance, security training

• Third-party assurance - data handling rules and procedures

• Culture and governance procedures for ensuring data security
