Security and Data Protection
What is Computer Security?
Computer Security is the protection of computing systems and the data that they store or access.
Why is Computer Security Important?
Computer security allows us to:
- Enable people to carry out their jobs, education, and learning
- Support critical business processes
- Protect personal and sensitive information
Why do I need to learn about Computer Security? Isn't this just an I.T. problem?
Good Security Standards follow the "90 / 10" Rule:
- 10% of security safeguards are technical.
- 90% of security safeguards rely on the computer user ("YOU") to adhere to good computing practices.
Example: The lock on the door is the 10%. You remembering to lock the lock, checking to see if the door is closed, ensuring others do not prop the door open, keeping control of the keys, etc. is the 90%. You need both parts for effective security.
Source: UC Santa Cruz
Cybersecurity
The Internet is fundamentally insecure. However, there are simple things you can do to protect yourself and your information. Learn what they are in NOVA’s Cybersecurity Lab.
The video below explains some of these insecurities, and was produced by NOVA PBS.
The National Cyber Security Centre (a part of GCHQ) has a whole host of resources on their website containing guidance.
Cyber Crime
Up-to-date information about cyber crime such as internet safety and online fraud can be found on Staffordshire Police's Cyber Crime page.
They also hold regular online surgeries where you can ask about an issue you're experiencing or any concerns you may have.
GDPR
The General Data Protection Regulation (GDPR) is aimed at giving people control over their personal data. It simplifies regulations for economic relations with other countries by making the EU procedures standardised. It was adopted on 27 April 2016, and took effect on 25 May 2018.
It's not just big organisations that this affects - small and local businesses will have to make sure they comply as well. However, there's lots of help available to do this.
Below are some links to outside organisations that can help you make sure you are complying with all the legislation that applies to you.
A good place to start is the Guide to the General Data Protection Regulation (GDPR) produced by the Information Commissioner's Office (ICO).
Data Anonymisation
Anonymisation is the process of turning data into a form which does not identify individuals and where identification is not likely to take place. This allows for a much wider use of the information. The Data Protection Act controls how organisations use ‘personal data’ – that is, information which allows individuals to be identified.
Organisations are increasingly reliant on anonymisation techniques to enable wider use of personal data. The code of practice explains the issues surrounding the anonymisation of personal data, and the disclosure of data once it has been anonymised. The code describes the steps an organisation can take to ensure that anonymisation is conducted effectively, while retaining useful data.
Anonymisation code of practice (1.84 MB) - this code will be useful to any organisation which wants to turn personal data into anonymised information for research or other data analysis purposes.