The January 1, 2004 entered into force Leg. 30.06.2003 n. 196 which has simplified and collected in a single law on the processing of personal data. The code of privacy, of course, also applies to lawyers and law firms regarding the information of customers, partners, employees, suppliers.
remember, albeit with some delay from the actual year of the promulgation of the decree (in particular as a result of subsequent amendments), many law firms - mostly small - have found themselves displaced in the face of requirements that, in the first approach, seemed to be difficult to implement.
In fact, the rules imposed are not so severe and involve simply the use of minimum security measures such as, for example, obtaining consent from the holders of the data, the adaptation of tools used for storage of data through the use of username and password or the location of the files in places not accessible to persons outside the firm.
Certainly the use of new technologies , though made more secure retention of our clients avert the loss or permanent loss, requires the attentions incidental. For example, the need to obtain permission from the owner of the data to transfer abroad in case of use of torture to cloud computing, Given the possibility that the servers are located outside the Italian territory (see discussion below to post iPhone Vs agenda).
said, March is coming and, like every year at this time you start to talk about privacy as the new Code, Rule 19 of the Annex, has called for the drafting of Doumento on Security (DPS) by March 31 of each year .
Specifically, the document must contain:
remember, albeit with some delay from the actual year of the promulgation of the decree (in particular as a result of subsequent amendments), many law firms - mostly small - have found themselves displaced in the face of requirements that, in the first approach, seemed to be difficult to implement.
In fact, the rules imposed are not so severe and involve simply the use of minimum security measures such as, for example, obtaining consent from the holders of the data, the adaptation of tools used for storage of data through the use of username and password or the location of the files in places not accessible to persons outside the firm.
Certainly the use of new technologies , though made more secure retention of our clients avert the loss or permanent loss, requires the attentions incidental. For example, the need to obtain permission from the owner of the data to transfer abroad in case of use of torture to cloud computing, Given the possibility that the servers are located outside the Italian territory (see discussion below to post iPhone Vs agenda).
said, March is coming and, like every year at this time you start to talk about privacy as the new Code, Rule 19 of the Annex, has called for the drafting of Doumento on Security (DPS) by March 31 of each year .
Specifically, the document must contain:
1. the list of the processing of personal data;
2. distribution tasks and responsibilities for data processing;
3. risk analysis;
4. measures be taken to ensure the integrity and availability of data and the protection of areas and locations, relevant to the storage and accessibility;
5. description of the criteria and how to restore data availability following destruction or damage;
6. the prediction of training of those in charge of treatment to aware of the risks and responsibilities involved the handling of personal data and the methods of implementing the notch;
7. description of the criteria to be taken to ensure the adoption of minimum safety measures in case of processing of personal data entrusted to it in accordance with the code, outside the structure of the holder;
8. for personal data disclosing health and sex life, identification of criteria to be used for encryption or for the separation of these data from other's personal data.
The CNF made available on its website, a quick handbook for lawyers on the procedures regarding privacy and model for the preparation of DPS (download here ).
The matter is, however, very complex and so is the establishment of a proper Security Policy Document. To whom, then, wanted to learn more and study issues relating to the privacy and security, with attention paid also to cloud computing, VoIP, Wireless and Firewall, you point out another interesting theoretical and practical course organized Studies by the Center for Legal Informatics of Genoa and sponsored by the International Academy of Forensic Sciences. The course, entitled "Privacy for business and corporate security: the requirements in terms of legal and technical by March 31, 2011" is aimed primarily at businesses, but useful, however, even for professionals. will be held Saturday 12 and Sunday, March 13 in Genoa . For more information, click here .
0 comments:
Post a Comment