Data protection

Policy actions sorted A-Z.

Create a strong data protection organisation

A data protection organisation, which understands current risks and capabilities, exists to protect people’s information rights.

Related policy actions: Data protection, Personal data, Regulation

Enable people to request and correct data held about them

People have the right to find and request access to data held about them by data controllers so that they can understand what is held about them and by whom, and correct errors.

Related policy actions: Data protection, Personal data, Regulation, Transparency

Enable people to view access history of data held about them

People can access a history of who has viewed data held about them, so they can understand what is happening to their data and spot fraud and misuse.

Related policy actions: Data protection, Fraud, Personal data, Redress, Regulation, Security, Transparency

Offer a privacy and security advisory service for companies providing digital services

A team or service exists to inform companies about best practices for digital security, consumer privacy and consent models.

Related policy actions: Data protection, Education and awareness, Privacy, Security

Regulate the processing of children's data

Digital services should be forced to limit the way they use children’s data. This ensures children’s right to privacy is maintained when they may not be in a position to make their own consent decisions.

Related policy actions: Data protection, Personal data, Privacy

Require the reporting of data breaches

Data controllers are compelled to publicly report data breaches so that the public knows they have occurred and can take action where possible, and to incentivise data controllers to maintain secure data handling practices.

Related policy actions: Data protection, Disclosure, Personal data, Privacy, Regulation, Security, Transparency

Require the use of multi-factor authentication

The law requires the use of strong customer authentication for certain kinds of service.

Related policy actions: Data protection, Personal data, Regulation, Security

Right to consumer privacy

Data controllers handle and protect personal data that is generated through consumer transactions to protect the privacy of consumers.

Related policy actions: Access, Data protection, Education and awareness, Personal data, Privacy, Redress, Regulation

Set and enforce data security standards

Government or industry bodies agree a set of standards for securing specific data and transaction types so that people can expect a minimum level of security.

Related policy actions: Data protection, Personal data, Privacy, Security

Set minimum periods for which software updates must be provided

Set a minimum period during which manufacturers must provide software updates, so that customers are reasonably protected against software vulnerabilities without having to make new purchases.

Related policy actions: Data protection, Security, User experience

Set punitive measures for data breaches

Laws and processes exist to prosecute data controllers in the event of a data breach. Punitive measures are intended to incentivise data controllers to better protect consumers’ data to avoid punishment.

Related policy actions: Data protection, Personal data, Privacy, Regulation

Stipulate when services must encrypt data at rest

Set rules that require data to be encrypted when it’s stored by a data controller to mitigate the risks of a data breach.

Related policy actions: Data protection, Privacy, Security

Stipulate when services must encrypt data in transit

Set rules that require data to be encrypted when sent across the internet to prevent it from being intercepted by an unauthorised third party.

Related policy actions: Communications, Data protection, Privacy, Security
