PL&B UK E-news, Issue 85

1. Consultation launched on a new British data protection standard

The British Standards Institution invites comments on a new draft standard on the management of personal information. Developed by a committee of experts including representatives from industry, government and academia, the standard will apply to any organisation which holds personal data.

DPC BS 10012, expected to be published in June 2009, is a management systems standard, which aims to help compliance with the Data Protection Act. Rather than prescribing exactly how operations should be run, it provides the framework which will enable an organisation to effectively manage personal information.

The standard is written in a management system format of ‘Plan-Do-Check-Act’, which is already well-established in standards such as:

  • BS EN ISO 9001:2000 Quality management systems and
  • BS ISO/IEC 27001:2005 Information technology. Security techniques. Information security management systems. Requirements.

Gordon Wanless, Chairman of the DPC BS 10012 Drafting Panel and Chair of the Data Protection Forum, said: “This standard is the first of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organisations. Data Protection has been the focus of much public attention over the last year and this standard will help organizations demonstrate that they are handling personal information responsibly. To ensure it is fit for purpose, it is extremely important that we receive comments on the draft standard, from both companies and individuals and I would encourage anyone with an interest to express their views.”

The deadline for comments is 31 March 2009.  

BSI is currently planning the development of an online tool and sector specific data protection guidance. Those interested in getting involved should contact Robert Turpin

Read more about the draft standard and how it will affect organisations in the February issue of the PL&B UK newsletter.

2. ASA boss recommended to be the new Information Commissioner

Justice Secretary, Jack Straw, has recommended that Advertising Standards Authority (ASA) Director General, Christopher Graham, should replace Richard Thomas on his retirement at the end of June.

The appointment is subject to approval by the House of Commons Justice Select Committee. Jack Straw invited the Committee on 13 January to hold a pre-appointment hearing with the purpose of vetting Graham, who is a former BBC journalist. He has been Director General at ASA since April 2000.

3. New Guidance for local government on data handling

The Local Government Association and Society of Information and Technology Management (Socitm) have published new guidelines to improve data handling and processing within local government.

The guidelines, which were prepared by working closely with councils to meet local government circumstances, address DP challenges with regard to people, places, processes and procedures.

The guidelines include raising awareness amongst staff, and emphasising that information is a key business asset. Its proper use is not simply an IT issue. All councils should ensure the security of their information through the physical security of their buildings, premises
and systems. There should be regular assessments of information risks, which should be discussed by senior management. All councils should check that they have proper document systems in place and that their suppliers and contractors, when handling their information, work to the same standards. All councils should produce a Corporate Information Risk Policy which sets out how they will implement the measures proposed in this guidance, as well as produce policies for risk reporting and risk recovery.

The Guidelines are published in November 2008.

4. Education and Skills Act has DP implications

The Education and Skills Act, which received Royal Assent 26 November 2008, raises some data sharing issues. The Act raises the age level from 16 to 18 when young people can leave education or training. The new provisions mainly apply to young people who are resident in England, but some areas of the Act extend to Scotland and Wales, and there are DP implications in terms of sharing data on qualifications, benefits and employment.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2009