Information Security Practices Under Italian LegislationOrganizations deal with vast amounts of information in their activities, using Internet connections to communicate both internally and with clients. At the same time, surveys show that many fail to implement adequate security measures, and have suffered internal and external breaches. These security breaches also end up costing companies, in terms of resetting their systems as well as of lost information. The Act 675/96 and the Presidential decree 318/99 set out the security requirements on businesses that process personal data.
The following questions have been addressed in this article:What security requirements are set out under the Law 675/96?
What are the principle security concepts under the Act 675/96 and the DPR 318/99?
What are the penalties for not performing these obligations?