If the law 300/2008 the Guarantor Privacy intervened to determine some obligations on system administrators (rules on the appointment, to appoint in all remaining cases removed the exclusions under Article 34 co2) now with the measure December 10, 2009, more of a clarification, the Guarantor Pizzetti intervened to clarify in extremis (and perhaps technical solutions already implemented by more careful), some misunderstandings:
- seemed (and was confirmed) fact that all companies would be obliged to appoint the administrators: please read all the provisions of the technology to disperse it included But that figure was compulsory only where necessary and in all structures already taken are techniques of this type (the latter now reading measure it includes even better):
"requirements apply only those persons who, in dealing with personal information by computer, have to resort or have resorted to professional system administrator or a figure equivalent. "
- Just the ex art.34co2 cases (first and second sentence), which covers companies that do not process sensitive data to the exclusion of employee health data, PMI (criteria of the effective employment of up to 250 employees or 50 million euro annual turnover) or administrative and accounting functions, so you think you should be appointed in all other cases and in the presence of even one given sensitive for SMEs (if not uncommon).
This has changed now, as evidenced by the clarification of the order adopting a policy also adopted dimensional computer systems ("small and limited extent") and seems to be much more flexible than before:
"requirements do not apply, Instead, those persons of association, which also tend to have systems small and limited extent, but not particularly complex, can do without a professional specifically dedicated to system administration or in any case have decided not to make Appeal. "
remain, however, still doubts about tenuta dei file di log dei soli amministratori di sistema (perchè mai non di tutti gli utenti?)comunque risolvibile ricorrendo all' interpretazione e all'esperienza.
http://www.garanteprivacy.it/garante/doc.jsp?ID=1676654
- seemed (and was confirmed) fact that all companies would be obliged to appoint the administrators: please read all the provisions of the technology to disperse it included But that figure was compulsory only where necessary and in all structures already taken are techniques of this type (the latter now reading measure it includes even better):
"requirements apply only those persons who, in dealing with personal information by computer, have to resort or have resorted to professional system administrator or a figure equivalent. "
- Just the ex art.34co2 cases (first and second sentence), which covers companies that do not process sensitive data to the exclusion of employee health data, PMI (criteria of the effective employment of up to 250 employees or 50 million euro annual turnover) or administrative and accounting functions, so you think you should be appointed in all other cases and in the presence of even one given sensitive for SMEs (if not uncommon).
This has changed now, as evidenced by the clarification of the order adopting a policy also adopted dimensional computer systems ("small and limited extent") and seems to be much more flexible than before:
"requirements do not apply, Instead, those persons of association, which also tend to have systems small and limited extent, but not particularly complex, can do without a professional specifically dedicated to system administration or in any case have decided not to make Appeal. "
remain, however, still doubts about tenuta dei file di log dei soli amministratori di sistema (perchè mai non di tutti gli utenti?)comunque risolvibile ricorrendo all' interpretazione e all'esperienza.
http://www.garanteprivacy.it/garante/doc.jsp?ID=1676654
0 comments:
Post a Comment