The British Computer Society (BCS), in partnership with the Information Security Awareness Forum (ISAF), has launched the Personal Data Guardianship Code (PDGC) in an effort to change the culture of organisations towards the handling of personal data. The code is intended to help organisations and personnel handling personal data understand their individual responsibilities. It promotes best practice and provides 'common sense' guidance.
At the same time, British Standard BS 10012, 'Data protection specification for a personal information management system', has been issued to establish best practice and aid compliance with data protection legislation.
BCS and the ISAF have produced the code in direct response to the number of high-profile data breaches in recent years, including several in government offices. It follows sustained activity by BCS on the topic of security and data protection. Louise Bennett, Chair of the BCS Security Forum, explained: 'The consultations we've undertaken in the last two years exposed the need for practical help in changing culture to embed good data guardianship principles in all organisations. This is the equivalent of the Highway Code for motorists - it will help all those involved in the management of personal data understand their role and enable them to carry out their jobs better.'
BS 10012 specifies the requirements for a personal information management system (PIMS), which provides an infrastructure for, among other things, maintaining and improving compliance with the Data Protection Act (DPA) 1998. Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which will enable effective management of personal information. It can be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data, and disclosure to third parties. BS 10012 was developed by a panel of experts including representatives from industry, government, academia and consumer groups. A three-month public comment period produced a high number of comments, all of which were considered by the panel before preparation of the final version of the standard.
The PDGC has already been criticized for a certain lack of clarity with regard to whether consent is required for holding certain data, or whether it is sufficient just to notify those concerned. On the other hand, when it comes to 'best practice', it has been stated that seeking consent is often preferable, even when it is not legally required.
End-users may be forgiven for being perplexed at the simultaneous publication of two guides ostensibly for the same purpose. Yet almost one in five businesses has unwittingly breached the Data Protection Act at least once, according to a survey of over 500 small and medium businesses conducted by the British Standards Institute. Just one guide with clearly outlined procedures is what is needed.
Copyright © 2012 - All Rights Reserved - Tax-News.com