Law Decree no. 5 of the 9th of February 2012 has been published in the Italian Official Journal (no.33, February 9, 2012).
The decree which is effective from February 10 provides for the abolition of the security policy document.
As previously highlighted on this blog, although an easing of requirements for entities that process personal data has been provided, this does not mean that there are no obligations relating to the adoption of minimum safety measures.
However, the programming of the security policy document may still be an instrument which, although no longer obligatory, may be useful in a civil trial to cover any claims for damages in cases of data breach in violation of the law for the protection of personal data.
In addition, art. 21, section 1 bis of the Privacy Code provides for the introduction of a provision on judicial data, the treatment of which is permitted if carried out in accordance with provisions for the prevention of the phenomenon of organized crime concluded with the Italian Interior Ministry or its branch offices which may specify the type of data used and what can be done with it.