Applying the Data Protection Act to the Cloud

The UK's Data Protection
Act 1998 (DPA) applies to the whole lifecycle of information, from its
original collection to its final destruction. Failure to comply with the
DPA's eight principles could lead to claims for compensation from
affected individuals and financial penalties of up to £500,000 from the
Information Commissioner's Office, not to mention negative publicity and
reputational damage.

An expert introduction

More than 85% of businesses
now take advantage of Cloud computing, but Cloud computing does not sit
easily with the DPA. Data Protection and the Cloud addresses that issue,
providing an expert introduction to the legal and practical data
protection risks involved in using Cloud services. Data Protection and
the Cloud highlights the risks an organisation's use of the Cloud might
generate, and offers the kind of remedial measures that might be taken
to mitigate those risks.

Topics covered include:

* Protecting the confidentiality, integrity and accessibility of personal data
* Data protection responsibilities
* The data controller/data processor relationship
* How to choose Cloud providers
* Cloud security - including two-factor authentication, data classification and segmentation
* The increased vulnerability of data in transit
* The problem of BYOD (bring your own device)
* Data transfer abroad, US Safe Harbor and EU legislation
* Relevant legislation, frameworks and guidance, including:
  o the EU General Data Protection Regulation
  o Cloud computing standards
  o the international information security standard, ISO 27001
  o the UK Government's Cyber Essentials scheme and security framework
  o CESG's Cloud security management principles
  o guidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)

Mitigate the security risks

Mitigating security
risks requires a combination of measures that together provide
end-to-end security. Moving to the Cloud does not solve security
problems; it just adds another element that must be addressed. Data
Protection and the Cloud provides information on how to do so while
meeting the DPA's eight principles.

About the author

With a background
in IT focused on CRM and other information management applications, Paul
Ticher has worked on data protection for over 20 years. He is now a
well-known consultant on the topic, mainly to non-profit organisations,
and specialises in work with charities and voluntary organisations. Paul
is the author of the standard work Data Protection for Voluntary
Organisations (now in its third edition) as well as materials for ITGP
and other publishers. He also carries out data protection reviews and
delivers training and webinars on the topic.

Learn how to move to the
Cloud and still meet the DPA's principles - buy this book today!