I was recently doing a consultancy work for a public organisation where AFAIK there was no backup for personal records which were on a single harddisk.
What are the DPA or similar implications of this? (I realise that from a "business" point of view it is disastrous).
Nick Landau
----- Original Message -----
From: phil gregg
To: [log in to unmask]
Sent: Friday, December 08, 2006 2:24 PM
Subject: Re: [data-protection] Data Destruction
I am told that our service provider literally takes a hammer to the drives and platters. I have not yet verified this!
This might help (Section 6 - on data erasure):
http://www.cesg.gov.uk/site/publications/media/directory.pdf
Regards
>>> Tim Trent <[log in to unmask]> 08/12/2006 13:52 >>>
A hard disk failure this week brought data destruction policies firmly home to me. My laptop is Toshiba. The hard drive failed. It had to go back under warranty, but I have a cast iron assurance that all that can be done to ensure the disk is not read and that the data is wiped from it will be done. That is wholly different from a colleague's experience with HP, who were unable to give him that assurance at the time he needed it.
However, as a matter of normal business we upgrade computers and the hard drives are disposed of.
As Privacy Officers, have you ever been consulted about the destruction, or rather the "Sanitisation" of data on the old hard drives? The only really certain too for data destruction is a volcano, and that is probably not efficient use of resources, so what does your organisation do in order to render the data on the old drives unreadable?
A useful reference is the US National Industrial Security Program DoD 5220.22-M, as published and amended in February 2006
------------------------------------------------------------------------------
Note:
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Newark and Sherwood District Council and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks.
Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.
Senders and recipients of email should be aware that, under the Data Protection Act 1998 and the Freedom of Information Act 2000, the contents may have to be disclosed in response to a request.
Newark & Sherwood District Council Legal Disclaimer
Thank You.
------------------------------------------------------------------------------
------------------------------------------------------------------------------
This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal
------------------------------------------------------------------------------
------------------------------------------------------------------------------
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
a.. Leaving this list: send leave data-protection to [log in to unmask]
b.. Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
c.. To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
d.. To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)
------------------------------------------------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
