Butterworths Data Security Law & Practice

Butterworths Data Security Law & Practice is the first guide to data security law and breach action. Its focus on the security imperative makes it uniquely practical and readily usable by in-house lawyers and security specialists, and essential reading for their advisors in private practice. As data security breaches attract greater media attention, increasing public alarm is generating pressure for tougher law and harsher regulatory responses. In the current climate, businesses, public authorities and their advisors need to ensure a solid understanding of the pitfalls and control measures. They will benefit immensely from this book's guidance on best practice garnered from years of practical experience. The book covers the Data Handling Review and its implications for the public sector, the FSA's stance on breach notification and its ever increasing fines, as well as the ICO's guidance. It provides a detailed explanation of the implications for data controllers' breach handling strategies. The book also benefits from specialist chapters on the public and private sectors, core materials included in the appendices, such as the Data Protection Act and essential precedents such as checklists, template breach notification letters, clauses for employment and data processor contracts and a template information and communications systems security policy. Butterworths Data Security Law & Practice is the authoritative guide to data security law for lawyers both in-house and in private practice, data protection managers and information security specialists in businesses and consultancies, information technology, privacy, employment and data security experts working for the government or regulators.

Laws and rules for the security of data: Confidentiality, privacy and technology; Laws and rules for the security of data: Companies, corporate governance and financial services; Laws and rules for the security of data: Considerations for the public sector; Laws and rules for the security of data: Official secrets, regulatory and professional secrecy; Regulation and enforcement; Breach notification; Privacy Enhancing Technologies (PETs); Appendices; FSA and ICO enforcement action; Transposition of Articles 16 and 17 of the Data Protection Directive; Data Protection Act 1998; Regulation of Investigatory Powers Act 2000, Part I, Chapter I; Computer Misuse Act 1990; Official Secrets Act 1989; Communication from the Commission to the European Parliament and the Council on Promoting; Data Protection by Privacy Enhancing Technologies (PETs) - Brussels, 2.5.2007, COM(2007) 228 final; HMG Security Policy Framework, Version 2.0, May 2009; `Data Handling Procedures in Government: Final Report', June 2008; FSA report `Data Security in Financial Services: Firms' controls to prevent data loss by their employees and third-party suppliers', April 2008; ICO `Guidance on data security breach management', March 2008; ICO `Notification of Data Security Breaches to the Information Commissioner's Office', March 2008; ICO `Data Protection Guidance Note: Privacy enhancing technologies (PETs)', V2.0, March 2007; Forms and precedents; Checklist for handling a data security breach; Incident response checklist for handling loss of unencrypted laptop computer; Breach notification letter to Information Commissioner; Breach notification letter to data subject; Data protection clauses for employment contract; Information and communications systems security policy; Seventh data protection principle clauses for data processor contract; Pre-contractual due diligence for engagement of data processor