BSI British Standards offers new standard DPC BS 10012. The standard is applicable to any organization which holds the personal information of living individuals. Once published, this standard will enable organizations to put in place an infrastructure for maintaining and improving compliance with the Data Protection Act 1998.
DPC BS 10012, expected to be published in June 2009, is a management systems standard. Rather than prescribing exactly how operations should be run, it provides the framework which will enable an organization to effectively manage personal information.
The standard focuses on ensuring that an organization provides sufficient guidance and resources (e.g. staffing), and creates a positive culture within which data processing can occur.
The management system format of ‘Plan-Do-Check-Act’, in which this standard is written, is well established in standards such as BS EN ISO 9001:2000 Quality management systems and BS ISO/IEC 27001:2005 Information technology. Security techniques. Information security management systems. Requirements.
“This standard is the first of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organizations,” says Gordon Wanless, chairman of the DPC BS 10012 Drafting Panel and chair of the Data Protection Forum. “Data Protection has been the focus of much public attention over the last year and this standard will help organizations demonstrate that they are handling personal information responsibly.”
“To ensure it is fit for purpose, it is extremely important that we receive comments on the draft standard, from both companies and individuals and I would encourage anyone with an interest to express their views.”
BSI invites comments on a new draft standard on the management of personal information. The public review period for DPC BS 10012 closes on 31 March 2009. DPC BS 10012 can be viewed and commented on at www.bsigroup.com/drafts.
L.D.