[cap-talk] Data Privacy Clarification (was: Excerpt of Italy Data Privacy: Legislative Decree 30 Jun 2003 n.196.)

Valerio Bellizzomi devbox at selnet.org
Tue Dec 19 16:07:45 CST 2006


I want to clarify two things:

1. This law talks about ACL user accounts in some operating system; it
doesn't talk about capabilities.

2. It merely specifies that a *daily* check must be executed, manually or
automatically, on such machines to see if user accounts have expired.

Point 2 above is considered by this law to be the minimum security measure.

val



>On 18/12/2006, at 23.59, Valerio Bellizzomi wrote:

>Italy Data Privacy: Legislative Decree 30 Jun 2003 n.196.
>
>Technical specifications concerning minimum security measures (Annex
>‘B’).
>
>The following technical arrangement to be implemented by all data
>controller, data processor - if nominated - and person(s) in charge of the
>processing whenever data are processed by electronic means:
>
>Computerised Authentication Systems
>
>On Annex ‘B’ Document, point 7(seven):
>
>Authentication credential* shall be de-activated if they have not been
>used for at least six months, except for those that have been authorised
>exclusively for technical management purpose.
>
>* Authentication credential means: Application Userids and Technical
>Userids.
>
>1 Introduction
>
>Managers with Application Owner’s support also including the employees
>whenever necessary, are responsible to revoke all Userids defined in all
>applications assigned to Italian employees when e.g. users are on period
>leave, sabbatical, or maternity leave and they have not used for at least
>6 (six) months. Except for those that have been authorised exclusively for
>technical management purposes.
>
>Whenever it is present, an automatic process can perform the control on
>behalf the human intervention of the Managers described above.
>
>--
>This suggests that user account checks are a must. Validity periods being
>selectable, of course.
>
>val