Information security overview
In the entire world there is not one company – private or public – that does not collect, merge or process data in its information system. The government collects data to calculate pensions, for example, to impose taxes correctly or to reimburse medical costs. Companies collect employee data to pay their salaries. Supermarkets collect data about customers' buying behaviour through loyalty cards so they can adapt their sales politics, …
Information has consequently become a precious thing. And valuable treasures require extra protection, which was not really difficult until not so long ago. Every organisation had its own isolated computer network which could easily be protected with simple measures. A good lock on the door, a properly working programme and a daily backup were enough.
But this would soon change: in no time everybody became connected to anybody through the internet, and the wave of new information and communication technologies is endless. This obviously requires very different and more complex protection methods.
An information security policy
How do companies start drawing up an information security policy in order for the information they possess to benefit from optimum protection against all sorts of dangers for their existence?
The risks when processing data and who is responsible
Because the abuse of personal data can have an enormous impact on our lives, the Privacy Act imposes additional rules. It is also important who exactly will be responsible for the information security policy.
The driving force behind the information security policy is the so-called security counsellor.
There are several international models and guidelines to assist organisations in the elaboration of an information security policy. The Privacy Commission has also drawn up its own model helping controllers to secure the personal data they wish to process.
For all data processing operations:
- In general
- Theme sections
- Sensitive data
- Information security
- Data quality
- The different rights
- Cross-border transfers
- Public register