Thursday 15 October 2009

New data protection resources

The DCC has published a new standards watch paper on BS 10012 Data Protection — Specification for a Personal Information Management System.

The standard, which is the first British standard for the management of personal information, was introduced in May this year. It was developed by the British Standards Institute (BSI) to provide a framework that enables effective management of personal information, paving the way for an infrastructure for maintaining and improving compliance with data protection legislation.

Take a read of the new DCC Standards Watch Paper here.

In related news, BSI has launched BSI Data Protection Online, a tool designed to help organisations with the effective management of personal information.

Research carried out by BSI earlier this year found that many organisations are falling behind in their approach to data protection, with almost one in five surveyed admitting to unwittingly breaching the Data Protection Act.

The new online self-assessment tool offers guidance and self-assessment in support of BS 10012. It is applicable to any organisation that holds personal information, regardless of its size, complexity and sector. It allows organisations to undertake a self-assessment process against the requirements of BS 10012 and embed data protection best practice within the organisation.

Specifically, the resource will allow you to:
• Undertake a self-assessment process against the requirements of BS 10012
• Get contextual help throughout the process, written by data protection experts
• Start new, or amend existing, self-assessments whenever needed, allowing you to track your progress
• Share self-assessments with colleagues and embed data protection best practice within your organisation.

Mike Low, Director, Standards, BSI, said:
"Our recent survey showed that there are many organisations out there struggling with data protection. With the Information Commissioner’s growing compulsory audit powers it is more important than ever to make sure that your data protection practices are up to scratch. If you hold personal information, whether it relates to staff, clients, customers or members, you need to be familiar with current legislation and confident that your own organisation measures up."