Wednesday, 22 July 2009

First British Standard in Data Protection

You may have read recently about the introduction of the first British Standard dealing specifically with Data Protection.

BS10012, “Data protection. Specification for a personal information management system”, has been developed to establish best practice and aid compliance with data protection legislation. It is the first standard for the management of personal information.

The British Standards Institute website explains that BS10012 “specifies the requirements for a personal information management system (PIMS), which provides an infrastructure for, among other things, maintaining and improving compliance with the Data Protection Act (DPA) 1998.”

The new standard does not prescribe exactly how operations should be run, but instead provides a framework which will enable effective management of personal information. It is intended that it be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.

The DCC will be publishing a Standards Watch Paper written by Sarah Higgins on BS10012 shortly. I will be sure to let you know once this is out.

For more information on the Data Protection Act please see this DCC Briefing Paper on the topic.
