6.1 - Security Principles
2016 - Unit 2
Information can only be accessed by individuals / groups authorised to do so.
This is a legal requirement of the Data Protection Act (1998). It is the organisation’s responsibility to protect the data using physical and digital security measures.
Information is maintained, so that it is up-to-date, complete and fit for purpose.
This is a legal requirement of the Data Protection Act (1998). Inaccurate data can lead to time wasting and incorrect conclusions. Organisations should have planned data maintenance to update information (e.g. contact details every year).
Information is always available to and usable by the individuals / groups that need to use it.
It must also be kept safe from unauthorised access. Staff should not make additional copies of information.
6.1 - Security Principles:
1. Summarise each of the three principles in your own words.