Does 'Can Spam' Travel?
The value of the eight principles lies in their role as guiding 'commandments' that create an environment of best practice within companies. The principles force us to choose a practical path based on them, giving due consideration to the nature of the business and the data it collects and holds, together with a clear justification for doing so.
Data security is a good example. Recent history has not been kind to the U.S. track record in safeguarding personal data. There has been a series of high-profile thefts, culminating in the disclosure that 40 million credit card accounts were stolen from an Atlanta data processing firm. Even Citigroup, the biggest bank in the world, 'lost' information on 3.9 million customers when tapes that were not encrypted went missing during shipment by UPS. We appear to see less high-profile data theft in the EU, and the conclusion that data protection legislation has created an environment where these issues are treated more seriously is hard to dodge.
The seventh principle of The Data Protection Directive states that data must be held securely. Less prescriptive you could not get if you tried! But it works.
If I had to define measures for my business that would represent security for the personal data we control and process, these would include inter alia:
• Technological measures, such as firewalls and safe FTP sites
• Encrypted back-ups to ensure they are protected during transit
• Installation of the latest security updates.
Likewise, it is not too difficult to define, giving due consideration to a company's business, what 'secure' actually means in terms of practical steps that can be taken.
Blend the Best of Both Models