For free advice call us now

07929 506 143

echrltd@aol.co.uk

New ICO Guidance

by | Feb 5, 2019

The Information Commissioner’s Office (ICO) has published new guidance on passwords in online services and encryption under the General Data Protection Regulation (GDPR).
The main points:
  • Organisations should have an encryption policy and train staff in the use of encryption;
  • Encryption should be used for storing and transmitting data; solutions should meet current standards and be kept under review;
  • Organisations should nevertheless be aware of the residual risks that remain even with encryption in place and take steps to address these;
  • Organisations must not forget about their password system once established, they should carry out periodic reviews;
  • There may be better alternatives than using passwords; and
  • When designing systems and services, organisations must have regard to a data protection by design approach and this includes for password systems.
It also includes information on:
  • How to store passwords;
  • How to enter passwords;
  • General requirements for passwords (i.e. length and use of special characters);
  • Changing passwords;
  • The role of the National Cyber Security Centre and
  • GetSafeOnline.
The ICO confirms in the guidance that where unencrypted data is lost or destroyed, it is possible that it will pursue regulatory action.

For further information please visit the ICO website: https://ico.org.uk
 

Back to News

The 12 Days of Christmas

On the first day of Christmas my true love gave to me - A bonus with a bottle of brandy Christmas Bonus With the cost of living, it may not be possible to give your employees a Christmas bonus this year. If the Christmas bonus is contractual then you will need to pay...