ABSTRACT
Security must be seen in the context of wider organisational policies. Many aspects of security will be taken care of by, for example, the IT department or its equivalent. However, high level security provision on its own is not enough; the systems have to work in practice. The Seventh Data Protection Principle makes this clear, by requiring that security measures be ‘technical and organisational’. Technical measures are relatively easy to provide: password systems, back-up systems for computers, locks on filing cabinets, and access control either to the building or to key parts of it are all routine.
