Sources of information to consider when reviewing or setting your security
03rd July 2019
As increasing amounts of personal data are being held by organisations, it’s important that organisations ensure that the information they hold on individuals is stored safely and securely.
There are a number of potential risks that can affect the security of personal data being stored by an organisation and organisations should understand both the potential risks as well as the appropriate measures that can be taken in order to minimise them. This should be reviewed as part of a risk assessment, or more formally as part of a Data Protection Impact Assessment.
Below are a number of sources of information which may be useful to consider when reviewing security measures and identifying the latest security risks.
- Data Protection Commission Guidance for Controllers on Data Security
- The National Cyber Security Centre (NCSC)
- ‘12 Steps to Cyber Security for Irish Businesses’
- Garda National Cyber Crime Bureau
- Garda National Economic Crime Bureau
- European Union Agency for Cybersecurity (ENISA)
- Cyber Security Information Note
- Threat Landscape
- No More Ransom
The above is just an indicative, non-exhaustive list, and the Data Protection Commission encourages organisations to consult those as well as other sources when assessing their security practices. Naturally, where appropriate, organisations should also seek independent legal and/or security advice regarding their obligations under data protection law.