FR: CNIL Guide to personal data security - 2010 Edition

Published on: 07/10/2010
Last update: 17/11/2010

Description (short summary):  
On the occasion of an event dedicated to security, the 'Commission Nationale Informatique et Libertés' (CNIL), the French data protection authority, released this practical guide to help data processing managers comply with their obligations in the area of personal data security.

The increasing use of IT in the management of organisations leads to a growing volume of data being collected, used and stored. Yet the 'Informatique et libertés' law (Law on IT and Liberty, in English) obliges file managers to ensure the security of personal data. Information systems and networks face many threats, including IT fraud, diversion of data from its intended purpose, fraudulent data capture, data loss and vandalism, as well as more common disasters such as fires and floods.

Security covers the entire set of processes that handle these data: their creation, use, backup, archiving and disposal. It applies to their confidentiality, integrity, authenticity and availability.

Setting up a security policy requires, first of all, a risk assessment. The risks are many: disclosure of confidential information, forgery, identity theft, accidental loss of personal data, and so on.

This guide consists of 17 thematic sheets aimed at IT-literate readers (system administrators, developers, information systems security managers or users) who want to assess the security level of any personal data processing.

Finally, to encourage data processing managers to take stock of the personal data security level of their organisations, the CNIL's website offers a questionnaire for assessing the measures already taken and those still to be taken to better protect data.

Number of pages: 48

Description of license: N/A

Nature of documentation: Guide


Type of document