According to an October 2011 tracking survey by the Information Commissioner's Office, 75% of UK organizations are aware of their legal duty to keep personal data secure.  That's right, legal duty, as described in the UK Data Protection Act of 1998 (DPA).

This represents an incredible 26% increase from 2010 figures.  The bad news, though, is that "awareness" is not tantamount to "actualization".  Some areas of compliance are easy to fulfil; others require effort.  The reality that the DPA is a complex set of laws -- and not unjustly regarded as so -- does not help matters.  However, when it comes to data protection and the use of encryption, the situation is very simple: the ICO insists upon its use if sensitive data is stored on a portable device.

In this and related pages, topics related to data encryption and protection are discussed and highlighted.  It should be noted that the DPA is a very broad piece of legislation and these pages cover but part of what the law requires.  For example, blagging (known in the US as pretexting) is not discussed although it's an offence under the Data Protection Act.

As usual, a caveat: the information -- despite coming straight from the ICO's website and other public sources that deal with DPA issues -- is not and does not purport to be legal advice.

This page is an ongoing effort and will be updated as circumstances arise.  Clicking on the below links will open a new window.

• Encryption
• Laptop Encryption (NOT) Required
• Encryption Technical Requirements
• Does Password Protection Work?
• Penalties
• Monetary Penalty History / Time-line
• What Types of Penalties Exist?
• For Data Controllers
• Can a Person Be a Data Controller Under the UK's DPA?
• Penalties Assessed on the Person
• Custodial Sentences
• Private or Government Organisations: Does It Matter?
• The Data Protection Act (DPA)
• Offences List in the DPA
• Section 55 of the DPA
• Useful Definitions