Security is one of the most important safeguards in preventing harm to individuals. The seventh principle says that you must take steps to prevent:
• Unauthorised access
• Accidental loss or damage.
These steps must be ‘technical and organisational’, and they must be ‘appropriate’ in terms of the technical options available, and also in terms of the harm that would result in the event of unauthorised access, or loss, or damage.
‘Organisational’ security measures should always include attention to human factors. In any security breach, at least part of the chain of causation is likely to be an individual taking, or failing to take, appropriate action. The Data Protection liability, however, ...