Friday, March 4, 2011

What Is Severe Menorraghia

requirements for holders of treatment.

Implementing security measures and complying with privacy law has always been a central concern for those who handle large databases, or who act as data controllers (the "holders" of the processing) or processors for processing or storage within major companies. For the latter, new safeguards have been introduced that must be respected in the selection and appointment of system administrators. Identifying these subjects precisely and responsibly is of great importance, because it is one of the fundamental choices within an enterprise and helps to increase the overall security of the processing performed. Very often the system administrator holds a special position that includes the ability to determine, together with the controller and/or any other person responsible for the processing, who can have privileged access to the resources of the information system and to all of the company's personal data (including sensitive data). For this reason system administrators must be chosen with particular care, since the risks that databases and computer networks run are ever higher.
After the many changes in legislation and practice seen in recent times, here is another measure of the Privacy Guarantor, introducing a new obligation in the management and protection of personal data processed through computer systems and in ensuring the security of those data and systems.

The Privacy Guarantor, with a decision of November 27, 2008 ("measures and mechanisms required of holders of processing carried out with electronic instruments, pertaining to the functions of the system administrator"), introduced the requirement for system administrators (including those who hold the job of network administrator, database administrator or maintainer) to preserve "access logs" for at least six months in unchangeable and unalterable archives. Systems must therefore be adopted that can record logical access to computer systems and electronic files by system administrators and, perhaps the most important novelty, the access logs must have the characteristics of completeness, stability and ability to check their integrity appropriate to achieve the purpose of verification for which they are required; DPCM January 13, 2004?
Data controllers must also make it easier to know, within their organization, whether system administrators exist. It is important to ensure, in this way, that the existence of such figures, and of those who perform similar roles, is known in all institutions and organizations. It is further stated that system administrators, regardless of whether they have been appointed as persons in charge of or responsible for the processing, must always be clearly identified within the DPS, and their names must be communicated or made known to all stakeholders.

According to the writer, then, to avoid unpleasant penalties, each data controller must ensure that this list is included in the next annual update of the DPS and, in cases where the controller is not required to prepare one, the names of the system administrators must be entered in an internal document that is kept up to date and is also available in investigations by the Guarantor.
If the activities of system administrators concern, even indirectly, services or systems that allow the processing of workers' personal information, public and private controllers, as employers, are required to disclose the identity of the system administrators within their own organizations through a specific notice pursuant to art. 13 of Legislative Decree 196/2003 (or through communication tools such as corporate intranets, service orders for internal circulation, etc.). The exception, in each case, is where the law excludes such publicity or knowability.
If system administration is outsourced, the controller is obliged to keep the identification details of the individuals acting as system administrators. Controllers will also be obliged to review the work of system administrators annually, to check whether it complies with the organizational, technical and security measures for the processing of personal data as specified by law. In terms of exclusions, this measure does not apply to subjects covered by the recent privacy simplification measures, provided for small and medium enterprises or for professionals who process personal data only for administrative and accounting purposes.
Let us now examine the reasons for which the Guarantor considered it necessary to introduce this additional obligation:
1 - First, system administrators, or those who manage access to databases, are generally in charge of operations that carry great responsibility and are highly critical for the protection of the personal data to which they have access. Let us recall that, by its nature, the system administrator has a capacity for action of his own and a relationship of trust that binds him to the controller in carrying out his duties (so important for companies and large public and private organizations, so that appoint him sometimes as the data). In reality this figure is of some significance, because he should be in charge of supervising and controlling the correct use of the computer system managed and used;
2 - Secondly, backup or disaster recovery activities (also regulated by the Privacy Code), the organization of network flows, the management of storage media, or simple hardware maintenance give such persons the possibility of acting on critical information. These are all activities that fall within the definition of "processing of personal data", even when the administrator does not view such information in the clear;
4 - Finally, there are certain offenses under the Criminal Code for which holding the role of system administrator is an aggravating circumstance (abuse of the position of system operator in unauthorized access to an information or computer system - art. 615 ter - or computer fraud - art. 640 ter - or cases of corruption of information, data and computer programs - Articles 635bis and ter - and damage to computer and telematic systems - Articles quinques and 635-c).
With this measure the Guarantor has thus issued a further warning to all data controllers, who are invited to entrust this task, whether as processor or as person in charge, to individuals who are first of all reliable, as well as capable and experienced, because they must provide appropriate assurance of compliance with the provisions on proper processing, including the information security aspect (in consideration of the criminal and civil liability that may arise from a careless or inappropriate appointment).
In fact, the controller may optionally designate one or more processors, only among subjects who by "experience, capacity and reliability provide appropriate guarantees of full compliance with the applicable provisions on processing, including aspects relating to security" (Article 29, paragraph 2, of the Code). The designation must therefore be made individually and must contain a detailed description of the areas of operation permitted under the authorization profile assigned.
All this must be observed six months after the publication of the measure for all processing already in place or starting before 22.01.2009; for subsequent processing it will be mandatory from the start.
