Information Technology IT – 5 eSecurity | e-Consult
5 eSecurity (1 questions)
Login to see all questions.
Click on a question to view the answer
Legal Requirements (GDPR):
- Data Minimisation: The authority should only collect and store data that is necessary for the purpose of council tax collection.
- Purpose Limitation: The data can only be used for the specified purpose (council tax collection) and not for any other unrelated purpose.
- Accuracy: The data must be accurate and kept up to date.
- Storage Limitation: The data should only be stored for as long as necessary for the purpose of council tax collection, with a defined retention period.
- Integrity and Confidentiality: The authority must implement appropriate technical and organisational measures to protect the data from unauthorised or unlawful processing, accidental loss, destruction or damage.
- Accountability: The authority must be able to demonstrate compliance with GDPR principles.
Technical and Organisational Measures:
| Technical Measures | Organisational Measures |
| Encryption: Encrypting council tax records both at rest and in transit. | Access Control: Implementing role-based access control to limit access to council tax data to only those employees who need it. |
| Firewalls: Using firewalls to protect the council's network from unauthorised access. | Data Security Policies: Developing and implementing clear data security policies and procedures. |
| Intrusion Detection Systems: Deploying intrusion detection systems to monitor for suspicious activity. | Employee Training: Providing regular training to employees on data protection and security. |
| Regular Security Audits: Conducting regular security audits to identify and address vulnerabilities. | Data Retention Policy: Implementing a clear data retention policy to ensure that council tax data is not stored for longer than necessary. |