Latest insights from our experts
Cyber Security and Data Protection
The National Cyber Security Centre have released new guidance for small business owners. This has been published following a global ransomware attack, which affected thousands of organisations worldwide earlier this week.
The incident demonstrates the importance for all business, including parks, to consider their cyber security as a priority. If your park accesses the internet, stores information on a computer, or communicates using e-mails it is possible for you to be subject to a cyber-attack.
If your park processes personal information you will be considered a ‘data controller’ for the purposes of the Data Protection Act 1998 (“DPA”). Personal information for this purpose is any information from which an individual can be identified, or along with other information, could lead to their identification. This would include the names and address of your residents or customers, for example. The use of CCTV on your park would also trigger the requirement, even if you do not keep any other personal information.
The DPA imposes an obligation on parks that personal information is kept securely. The Act requires that appropriate technical and organisational measures will be taken to protect data from unlawful or unauthorised processing, and destruction or damage.
Although the Act does not say specifically which measures must be taken, it does require that the security is appropriate to the nature of the information and the harm which may come from its use. The recent attacks serve as a timely reminder for all parks to ensure that they are compliant with their obligations under the DPA.
If you have any queries or if you are interested in subscribing to our Parklaw service, contact the Parks Team by telephone on 01392 207020 or email firstname.lastname@example.org