[OSX-Users] OSX upgrade warning

[Christopher Gutteridge]

Hi. I've been to talk to Kevin Shaw who's responsible for iSolutions 
security and data protection.

We're going to try to put together some guidelines but the quick take 
homes were:

Office365 is far better for data protection than most other cloud solutions.

When new rules come into force, the maximum fine to the organisation 
will be 5% of our turnover. We are around a £550m/year business...

One thing I'd not really internalised before: In addition to fines for 
the organisation, those responsible can be prosecuted personally which 
can result in a criminal record and a maximum fine of £100,000. Eeep.

(I believe I've got these facts right, but I'll cc him to double check)

Hopefully we can produce some guidance which is reasonable to follow 
without absorbing huge tomes of detail, and a list of services which are 
recommended.


On 22/09/2016 09:48, Christopher Gutteridge wrote:
> I've written to the security manager in iSolutions. His usual approach 
> is that for non legally protected data, like research etc, he'll help 
> you understand the risk and you can make a choice. However with 
> personal data he's (rightly) much more strict.
>
> I've asked if there's a recommended easy-to-consume page about good 
> practice and any services that are recommended or that we should avoid.
>
> My current understanding is that we shouldn't send people's personal 
> data to countries which do not have suitable data-protection laws. 
> There are exceptions if a specific company complies to rules, but just 
> shoving stuff in the cloud is reckless when it could cause harm if 
> leaked.
>
> Something to think about; would you be happy with the NHS casually 
> using dropbox to move patient records?

> -- 

Christopher Gutteridge -- http://users.ecs.soton.ac.uk/cjg

University of Southampton Open Data Service: http://data.southampton.ac.uk/
You should read our Web & Data Innovation blog: http://blogs.ecs.soton.ac.uk/webteam/