BSI launches Data Protection Standard 10012 - June 2009
“BS 10012:2009 Data Protection – Specification for a personal information management system” specifies the requirements for a personal information management system (PIMS), which provides an infrastructure for maintaining and improving compliance with the Data Protection Act 1998.
According to the BSI, the standard “provides the framework which will enable effective management of personal information. It can be used by organisations of any size and sector to create a tailored management system which includes procedures in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties.” Other BSI standards cover security and processing best practice, but this is the first designed specifically to establish a regime of overall compliance with the Act.
The launch comes hot on the heels of BSI’s own research into how businesses cope with the Act. In a sample of 500 small and medium-sized businesses, one in five admitted to breaching the Act and a third stated that the complexity of the legislation restricted their ability to comply.