France

By Pascale Gelly

The CNIL issued a recommendation to data controllers that are requested to transfer information to the U.S. in the framework of e-discovery proceedings. French legal requirements must be met, including those resulting from the Hague Convention and from the Data Protection Act.

10 security recommendations
Because the security requirements of the French Data Protection Act are expressed in general terms, the CNIL recently issued 10 recommendations to guide IT and security managers, including:

  • creating a robust password policy (personal, confidential, of at least eight alphanumeric characters, renewed every three months, that’s a robust password!);
  • managing user accounts, which should be personal as opposed to generic;
  • securing workstations with an automatic screen saver;
  • creating a strict definition of user access depending on user profile based on need to know;
  • ensuring data confidentiality by service providers beyond mere contract clauses;
  • securing local networks (logical protection, specific caution for remote access by portable devices…);
  • securing premises: access control, badges;
  • anticipating the loss or disclosure of data: regular backups, emergency recovery process, specific protection of portable devices (encryption) depending on content sensitivity;
  • anticipating and formalizing an IS security policy;
  • sensitizing users to IT risks and to the Data Protection Act.

Pascale Gelly of the French law firm Cabinet Gelly can be reached at pg@pascalegelly.com.
