March 29, 2016

The Information Commissioner’s Office (ICO) publishes new guide to IT Security

The ICO encourages businesses to use the guide to assist with putting appropriate IT security systems in place to avoid data breach fines and to comply with obligations under the Data Protection Act 1998 (including the seventh data protection principle, which requires appropriate technical and organisational measures to be taken to keep data secure).

This new version of the guide updates previous advice on the cloud and contains additional guidance on the security of mobile devices. A new ten-step format sets out recommended action steps, including assessing threats and risks, getting in line with the Government's "Cyber Essentials Scheme", training staff, backing up data and minimising data.

The guide is published together with a useful Self-Assessment Tool Kit which incorporates checklists for various areas of data protection compliance including data protection assurance, records management, information security, data sharing and subject access, and direct marketing. A compliance rating is automatically produced upon completing assessments, along with detailed suggestions and links to relevant ICO guidance for areas where compliance could be improved.

Links to the guide and toolkit are available at https://iconewsblog.wordpress.com/2016/02/10/eight-reasons-small-businesses-should-read-our-new-it-security-guide/

For more information on legal issues relating to the life sciences sector, please contact Thomas Bjorn.
