| Author |
 Topic Search  Topic Options
|
chriscfox 
Newbie
Joined: 04 August 2010
Status: Offline
Points: 22
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Data Protection
Posted: 06 August 2010 at 8:17am |
Presumably if I develop a website in which members of the public are able to store any personal data, I may fall under the Data Protection Act. Does Web Wiz provide a statement or guidance about what policies and procedures it has in place on which I might rely?
Many thanks, Chris
|
 |
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 8:51am |
The following page has the Web Wiz Privacy Statement:- http://www.webwiz.net/legal/privacy_statement.aspHowever, this is only in relation to the data that we store, not your own on your website. You would need to contact the Data Protection Commissionaire to see if you need to be registered under the data protection act. The page below tells you how you would register:- http://www.ico.gov.uk/what_we_cover/data_protection/notification.aspxRegistration is quite simple and costs around £35 per year.
|
|
|
|
chriscfox
Newbie
Joined: 04 August 2010
Status: Offline
Points: 22
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 1:27pm |
Thanks Bruce.
I was more thinking that, if I were required to be registered under the data protection act, I would need to be able to show I had taken due care to protect my customer's data. Since it would be stored on your servers, I would need to be able to show that I had satisfy myself that you have the appropriate processes and policies in place. I guess I would need to know that your servers were physically located in the UK / EU, that they were properly physically and electronically secured etc.
Does Web Wiz provide any documentation on which I could rely to that effect?
Thanks, Chris
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 2:04pm |
|
When registering for the Data Protection Act you do not need to prove security. The Act simply requires that any organisation that keeps details on others, this can even be a paper address book, needs to register under the Data Protection Act, to let the Data Protect Commissionaire know what data you are keeping, they do not ask how you are keeping the data.
Edited by WebWiz-Bruce - 06 August 2010 at 2:39pm
|
|
|
|
123Simples
Senior Member
Joined: 08 July 2007
Location: United Kingdom
Status: Offline
Points: 1192
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 2:06pm |
Hi Chris This page here explains where the Data Centre is located, and gives you the info that you may be requiring. However, under the legal terms section 2.2, Web Wiz would not be legally responsible for any data that you chose to store on the server, and therefore then this is where your own data protection would come into effect, and you would have to ensure that the software that you were using was as good as it could be, if you were then storing your own clients personal details and information. I'm pretty certain that no hosting company would be responsible for this apart from yourself in any problematic circumstances that may arise.
|
|
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer
Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 2:52pm |
Shared hosting is inherently difficult to secure completely - as multiple users have the ability to upload and download files. Web Wiz do make every effort to secure our network and servers, but their is no way we can guarantee the security of your data. If you are worried about security then you should look instead at one of our Virtual Dedicated Servers where you have your own OS that you do not share and can be locked down. http://www.webwiz.net/virtual-servers/However, no matter how much you lock down the server, if your website has code with holes in the code then you could still be hacked. For example if you do not sanitise user input an SQL Injection could be used to obtain private data of your customers from your database.
|
|
|
|
chriscfox
Newbie
Joined: 04 August 2010
Status: Offline
Points: 22
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 8:02pm |
@MrTWS, Thanks, that is the sort of information I was looking for. I know that I will always retain responsibility for any data protection related to my own web-site. But I understand that part of my obligation is to ensure that any third parties on which I rely have appropriate security etc. in place - i.e. that you're not hosting your servers in an unsecured warehouse in Lagos :-) So I think the page describing the data center, combined with your own data protection registration does that for me.
@WebWiz-Bruce, I am trying to bootstrap at minimum cost and effort at the moment, so virtual servers may still be a little way off. Whilst I appreciate there are never guarantees with computer security, I am sure your security is better than what an organisation of my size could implement on its own.
Thank you both very much for your help. I think I know what my next steps will be now.
|
|
123Simples
Senior Member
Joined: 08 July 2007
Location: United Kingdom
Status: Offline
Points: 1192
|
Post Options
Thanks(0)
Quote Reply
Posted: 06 August 2010 at 8:19pm |
Hi Chris For what it is worth I've always been very happy with Bruce and Web Wiz services. I can honestly say that the service is excellent and I would have complete trust in this companies abilities. By the way - I don't work for them - I'm just telling you as I see it. Additionally, I think Bournemouth is a step or two up from Lagos  If you do have any questions though, the good news is that Bruce will answer you whereas I know from past experiences with previous hosts, it's all they can do to even understand you  Hope you make the right choice Nite nite
|
|
|
|
