[cap-talk] Excerpt of Italy Data Privacy: Legislative Decree 30 Jun 2003 n.196.
Valerio Bellizzomi
devbox at selnet.org
Mon Dec 18 18:31:55 CST 2006
On 18/12/2006, at 16.11, Mark Miller wrote:
>On 12/18/06, Valerio Bellizzomi <devbox at selnet.org> wrote:
>> Authentication credential* shall be de-activated if they have not been
>> used for at least six months, except for those that have been
authorised
>> exclusively for technical management purpose.
>>
>> * Authentication credential means: Application Userids and Technical
>> Userids.
>> [...]
>> Managers with Application Owner's support also including the employees
>> whenever necessary, are responsible to revoke all Userids defined in
all
>> applications assigned to Italian employees when e.g. users are on
period
>> leave, sabbatical, or maternity leave and they have not used for at
least
>> 6 (six) months. Except for those that have been authorised exclusively
>for
>> technical management purposes.
>
>
>Are any of us lawyers? I'm not. Anything the rest of us say is
>guesswork -- we're interpreting a foreign language -- legalese -- that
>only deceptively looks mostly like the languages we use.
>
>So here's my guess. I do not anywhere in this text see a requirement
>to provide accounts, userids, or credentials. Merely that if there are
>accounts, userids, or credentials, then you must manage them according
>to these rules. On systems without these pleasant features, none of
>these rules apply.
They apply, but the checks have to be done *manually*. I said it that this
is an excerpt, I omitted the part about manual checks.
>--
>Text by me above is hereby placed in the public domain
>
> Cheers,
> --MarkM
>_______________________________________________
>cap-talk mailing list
>cap-talk at mail.eros-os.org
>http://www.eros-os.org/mailman/listinfo/cap-talk
More information about the cap-talk
mailing list