Key Compliance Regulations:
United Kingdom
- BIP 0008 – 3; 2005 (replaces the former BSI 5000 regulations)
- BSI (ISO) 7799 (parts 1 and 2)
- Data Protection Act
The Data Protection Act 1998 gives individuals the right to access information held about them by organisations. The act governs how organisations can use the personal information that they hold - including how they acquire, store, share or dispose of it.
Consists of 8 enforceable principles for personal data held by organisations
- Freedom of Information Act
The Freedom of Information Act was passed on 30th November 2000. It gives a general right of access to all types of recorded information held by public authorities, sets out exemptions from that right and places a number of obligations on public authorities. The Act also amends the Data Protection Act 1998 and the Public Records Act 1958.
Public bodies / Government agencies have to release details upon request of information held and the state what information is held
- Regulation of Investigatory Powers Act 2000 (RIPA)
RIPA sets out legislation on the interception of communications, the acquisition and disclosure of data relating to communications, the carrying out of surveillance, the use of covert human intelligence sources and the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed. It gives law enforcement and other public authorities the ability to require service providers to hand over information about the use of their networks. RIPA only applies to communications data, ie data about the use of networks such as information about individual users, information about use of the system and information about communications. The content of e-mails, full URLs browsed and any other information such as the content of filestore is not covered by RIPA.
In summary, the act is about defining the powers the government and its security, intelligence and communications bodies have to intercept electronic communications and data.