will recall that on Thursday I went to bed when I was about to tell the most interesting details on the practical application of art. RLOPD 81. My health has not let me pick up the threads of my discussion so far. I hope they apologize.
Anyway, go to the mess. In this post, I will delight with two new trivia about the security levels:
1 .- The fourth security level . Many have asked me why is it the fourth level of security. As you can see below, this is bullshit to keep the narrative tension (acknowledge that this blog has some fun).
Although, theoretically, the security levels three, the legislature sets a medium level enhanced for those files maintained by the operators of electronic communications services. They should implement measures average and one of those set for the high level of security: maintenance of records relating to access control. According to art. 81.4 RLOPD:
"A files for which they are responsible operators providing electronic communications services available to the public or operate electronic communications networks for the data traffic and location data, is also apply security measures primary and secondary level, as high level security contained in Article 103 of this regulation. "
2. Data that allow a person's profile. The AEPD has determined in its legal report 8 / 2010 that if stored in a file curricula contain very detailed information on the subject (for example, include hobbies, personal or social circumstances, besides the usual academic data and labor), could be considered mid-level:
"(...) the question of whether a consultant, to contain the file training data and professional experience, ie curriculum vitae, should take measures average under Article 81.2 paragraph f) of the Regulations refer to those files containing a set of personal data that offer a definition of or personality characteristics of citizens and to evaluate certain aspects of the personality or their behavior.
The consultation does not provide information about the data contained in those files. However, given its own name, may be considered that in principle they contain only the data needed to maintain a working relationship with the consultant, so that, in principle, be understood that they are not covered by the provision contained in Article 81.2 f) of the Regulations.
However, if the data are incorporated into the curriculum that file contains very detailed information on the subject, for example, hobbies or a very specific profile studies, the level of security measures would be implemented the middle. "
And with that, I leave tomorrow. Good night.
0 comments:
Post a Comment