Information security and the law
This day-long course addresses the Seventh Data Protection Principle and how the obligations under all the principles relate to ISO 27001. It also considers the Eighth Principle, covering the transfer of personal data outside the European Economic Area and outsourcing considerations.
The focus is the law underpinning the Seventh and Eighth Data Protection Principles. The course reviews data loss cases and how the Data Protection Act is enforced (Undertakings; Monetary Penalty Notices). It extends to how key parts of ISO 27001 relate to obligations under these principles (e.g. policies and management structures; practices for securing data including access controls and encryption). It also covers contracts with data processors, how this influences system design, and offences and other relevant law (e.g. Computer Misuse Act; rules of evidence, confidentiality).
For public sector bodies, the context of the training is likely to be the HMG Security Framework and Information Assurance Assessment instead of ISO 27001.