Hoa Le, Senior QA Engineer at KMS Technology There are many...
Interview with a Lawyer – Paulina Sroka
The continuous growth in the Internet importance causes the growth of problems connected with data and information security…
Actually, as lawyers we can observe situations in which the matters connected with information security become subject of strife between corporations or private people.
Do you consider this a kind of pathology originating from the Internet?
Of course, the increasing number of the Internet users, as well as its importance growth, especially in business causes the emergence of many legal problems, but it is similar to other civilization inventions. Thus, it should not be stated that the Internet is a source of more problems than other inventions.
How would you rate the question of information safety in contemporary world?
Now we witness chaos in the field of data security. As I mentioned before, it depends much on the growth of the Internet importance, but not only. Contemporarily information has become a valuable thing, which means it is subject to theft, counterfeit as well as trade. It is well known, that practically any information can be sold. E-mail addresses bases and guides are the simplest examples of information that are subject to trade. Unfortunately, not enough attention is paid to information safety and data security, especially of private people.
Do you consider this a dangerous phenomenon?
Definitely yes! Fortunately it was noticed by government and non-government institutions. Also, businessmen and people’s consciousness of the topic of data security is growing.
How can data and information be protected?
The preventive and reparative activities depend on the person, who wants to conduct it. in case of private people, who use the Internet, it is enough to pay attention to what information and photos they publish etc. In the business world the opportunities are much greater. Observing a range of rules, which are introduced by a lot of world governments helps a lot in business running and, what is more, can be a source of enterprise competitive advantage,
What are the regulations?
There are a lot of such regulations. In the foreground the European ISO/IEC 27001 standard, containing many recommendations connected with data security, should be mentioned. The following one is the data protection act issued on the 29th August 1997. These regulations should be carefully observed by any enterprise.
How is it possible to document fulfilling the requirements contained in these documents?
There are a lot of enterprises which offer conducting personal data and information security audits in accordance with these regulations. Unfortunately, such audits are very expensive and relatively few businessmen decide to conduct them.
So, it can be stated, that there are market barriers to secure our data?
Unfortunately, yes. On the other hand, various ideas and projects appear to sort this situation.
What does this mean?
Recently I have read about a very interesting project subsidized by the European Union. It gives the opportunity to conduct legal audits in enterprises for accordance with the ISO/IEC 27001 standard using the Internet. This service, called EAudit, in my opinion, can change much in the field of data security and revolutionize this market. What is more, its cost is much lower than in case of so called traditional audits.
Is it legally permitted to conduct such services using the Internet without a personal auditor controlling the enterprise?
Yes, of course it is permitted. In addition it has a lot of advantages – its price is low and the system, replacing a personal auditor is inerrant.
So this project seems to be a really interesting substitute for expensive audits. Coming back to the question of regulations, are they effective and do they secure data and information sufficiently?
Yes, they secure in a sufficient way, but, due to the Internet development more updated regulations are needed to formalize the questions which were not discussed yet.
Thank you very much for the conversation.