Email security and usage

Please note that the law may have changed since publication of this article.

Email Data Security:

If your job is to maintain the security and integrity of your organisation’s network, a detailed knowledge of the Data Protection Act and related legislation is a boring but necessary part of the job for many of my clients.

Legislation can really only recommend the basic principles, and the world of IT will inevitably develop more quickly than the legislation underpinning it. The challenge for network security specialists developing new systems and solutions is to work within the letter and spirit of the legislative framework.

For most businesses, regulatory compliance is inextricably linked to the commercial need to maintain secure networks. For example, if a credit card company failed to maintain network security, it would expose itself to major fraud and legal claims, which could cost millions of pounds.

Storage of Data and Liability:

The importance of backing up data must have been brought home to many of us by the experiences of businesses large and small in New Orleans, many of which no doubt will have suffered a devastating loss of data following Hurricane Katrina.

If anyone has any doubt about the importance of backing up data, it’s worth bearing in mind the following points from a legal perspective:

As a general rule, legal actions may be brought within six years of the act or omission complained of. Liability can attach not only to the company itself but also to the directors or even, in some cases, the main shareholders.

Under the DPA, ‘personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed’. There’s also an obligation to keep the personal data up to date. In other words, you should have a rigorous system in place to ensure, for example, that your ancient data files only contain relevant, adequate and up-to-date personal information.

The DPA states that “appropriate technical and organizational measures shall be taken” to safeguard personal data. This is something that many businesses abjectly fail to do. As a result, credit card numbers, membership lists and other personal data have occasionally become publicly accessible on the web. From a commercial point of view, lose that data, and you may not have a business at all.

© This article is copyright Simon Halberstam 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. The contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.