Duncan S Smith
Principal Consultant
e-mail:
[log in to unmask]
gsm: +44 (0)777 556 8180
Company
Profiles
"The process of
Improvement"
----------------------------------------------------------------
The
information transmitted is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination or other use of, or taking of any action
in reliance upon, this information by persons or entities other than the
intended recipient is prohibited. If you received this in error,
please contact the sender and delete the material from any computer.
This
footnote confirms that this email message has been swept by Norton Antivirus
software for the presence of computer viruses.
Company Profiles
Huntingdon UK +44(0)1480
461671
-----------------------------------------------------------------
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Ian Welton
Sent: Monday, October 29, 2001 9:55 PM
To: [log in to unmask]
Subject: Audit TrailsHas anybody done any work on audit trail requirements for hard copy material?Given that principle 7 requires all data controllers to provide sufficient audit trails to ensure the security of their data. For a data controller not to collect the relevant audit trail records for material within their control is a breach of principle.In hard copy processes managing sensitive data, I perceive some difficulties.This is probably not disimilar to computer audit trails across multiple individual data controllers where separate external organisations also have enquiry access. The audit trail requirements may be difficult but they are still a requirement for the data controller to collect if they are to comply with the principles, BS7799 and each organisations information security policies.Hard copy files in an Occupational Health Unit are currently an area I am looking at, so I would appreciate any observations from others who may have already done this type of work, especially as relates to insurance type disclosures.Ian W.