February 2015
Intermediate to advanced
83 pages
1h 17m
English
Overview
Applying the Data Protection Act to the Cloud
The UK’s Data Protection Act 1998 (DPA) applies to the whole lifecycle of information, from its original collection to its final destruction. Failure to comply with the DPA’s eight principles could lead to claims for compensation from affected individuals and financial penalties of up to £500,000 from the Information Commissioner’s Office, not to mention negative publicity and reputational damage.
An expert introduction
More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services.
Data Protection and the Cloud highlights the risks an organization’s use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.
Topics covered include:
Protecting the confidentiality, integrity, and accessibility of personal data
Data protection responsibilities
The data controller/data processor relationship
How to choose Cloud providers
Cloud security – including two-factor authentication, data classification, and segmentation
The increased vulnerability of data in transit
The problem of BYOD (bring your own device)
Data transfer abroad, US Safe Harbor, and EU legislation
Relevant legislation, frameworks, and guidance, including:
the EU General Data Protection Regulation
Cloud computing standards
the international information security standard, ISO 27001
the UK Government’s Cyber Essentials scheme and security framework
CESG’s Cloud security management principles
guidance from the Information Commissioner’s Office and the Open Web Application Security Project (OWASP)
Mitigate the security risks
Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA’s eight principles.
About the author
With a background in IT focussed on CRM and other information management applications, Paul Ticher has worked on data protection for over 20 years. He is now a well-known consultant on the topic, mainly to non-profit organizations , and specialises in work with charities and voluntary organizations . Paul is the author of the standard work Data Protection for Voluntary Organisations (now in its third edition) as well as materials for ITGP and other publishers. He also carries out data protection reviews and delivers training and webinars on the topic.
Learn how to move to the Cloud and still meet the DPA’s principles – buy this book today!
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.