New Standard Assisting Organisations Comply with the Data Protection Act
Background and Objectives
In May 2009, British Standards Institution (BSI) published the first ever standard to focus on the management of personal information. It has been developed to enable organisations to develop and implement a personal information management system (PIMS), thus providing an infrastructure for improving compliance with data protection legislation and, in particular, the Data Protection Act 1998 (DPA).
The development of BS 10012 can be seen as a response to the increasing focus on personal data protection and the fact that more and more organisations are opting to keep data. As Richard Thomas, the Information Commissioner, commented on 7 January 2009 to the Justice Select Committee, "It is often said that it is now cheaper to store data than delete it." The seemingly endless spate of recent high-profile data losses also, undoubtedly, contributed to the development of this Standard.
The BS 10012 Standard enables organisations from both the public and private sectors in the UK to put in place an infrastructure for maintaining and improving compliance with the DPA.
Framework Approach based on Continuous Improvement
BS 10012 is not a prescriptive Standard. It adopts a 'framework' approach within which organisations can more effectively manage personal information. Organisations can create bespoke management systems which include processes to address risk assessment, training and awareness, as well as key data protection issues such as the sharing, retention, disposal and disclosure of information. Organisations are encouraged to ensure that sufficient guidance and resources are allocated to data protection and that a positive culture exists in which good data protection practice can take root. The Standard follows the classic 'Plan-Do-Check-Act' model of continuous improvement as utilised by standards such as ISO 27001 and BS 25999.
Benefits
Ultima Risk Management believes that the introduction of BS 10012 represents an important milestone in providing organisations with an ideal framework to adopt in order to improve compliance with the DPA. As Lisa Dargan, Business Development Director at URM, explains: "Protecting personal information is a key and growing issue for organisations of all sizes and from both the private and public sectors. Being able to demonstrate to key stakeholders, including customers and suppliers, that your organisation complies with the DPA has always been a challenge. BS 10012 represents a major breakthrough in this respect and will enable organisations to demonstrate that they are handling personal information in a structured and responsible way. I would strongly recommend that any organisation which needs to demonstrate its compliance with the DPA reviews and adopts this Standard."
Further Information
For more information on BS 10012, please go to the BSI product page on BS 10012.
If you are interested in understanding how your own organisation can benefit from adopting this Standard, please email info@ultimariskmanagement.com.