Almost one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once, according to a survey of over 500 small and medium businesses conducted by BSI. Of these, nearly half said they had breached the Act on several occasions and an additional 18% said they were not sure whether they had or not. A ‘breach’ could refer to the illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations.
The new British Standard, BS 10012:2009 ‘Data protection. Specification for a personal information management system’, was launched on 2 June and has been developed to establish best practice and aid compliance with data protection legislation. It is the first standard for the management of personal information.
The launch of the standard was covered by a wide range of online news sources, including Yahoo News, Computing.co.uk and HRmagazine.co.uk, as well as in the regional press. Watch Breda Corish, Head of Market Development, ICT and Healthcare, BSI, talking about BS 10012 here: Top Tips on Adhering to Data Protection Act.
Rather than prescribing exactly how operations should be run, BS 10012 provides the framework which will enable effective management of personal information. It can be used by organizations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.
More information about BS 10012 can be found on the BSI News Room web page.
Return to Summer 2009 Committee e-newsletter