Focus on Information Management
Data Protection Compliance
There have been a significant number of data protection-related developments recently
which impact on organisations in the public and private sectors. Organisations will
be mindful, especially in light of the many high-profile security breaches of late,
that when handling personal information they must comply with the Data Protection
Act 1998.
New Privacy Notice Codes of Practice
The Information Commissioner has launched a new Privacy Notices Code of Practice.
The Code is of great practical significance as it contains guidance on how to draft
clear and genuinely informative privacy notices. The Code is intended to help to
ensure that personal information is collected fairly and transparently and individuals
understand how their information will be used and what the consequences will be.
The Code is available for download.
Collecting personal information on-line
On a closely related subject, the Information Commissioner’s Office has announced
that it is starting work on a new Code of Practice for the collection of online
data. It is felt that current guidance in this area is sparse compared to the number
of complaints and requests for guidance which the Information Commissioner’s Office
has been receiving. So look out for developments in the near future.
Privacy Impact Assessment Tool
The Information Commissioner has issued an updated version of his Privacy Impact
Assessment handbook. The handbook is aimed at organisations which are developing
projects that might have implications for individuals’ privacy. It is intended to
help organisations to assess and identify any privacy concerns and address them
at an early stage of the project rather than as a costly afterthought.
For more information click here.
Personal Data Guardianship Code
The British Computer Society and Information Security Awareness Forum have jointly
launched the Personal Data Guardianship Code. Although not legally binding, the
Guardianship Code is aimed at helping organisations and the people in them who handle
personal information to understand their individual responsibilities. The Guardianship
Code aims to promote best practice and provide common sense guidance. Working on
five key principles of good data governance, namely accountability, visibility,
consent, access and stewardship, the Code is intended to instruct and offer constructive
guidance on data protection. The Code is available here.
New standard on personal information management
British Standards (BSI) has launched a new standard on personal information management.
BS 10012 is designed to help organisations comply with UK data protection laws.
It does so by providing guidance on various issues, including training and awareness,
risk assessment, and the retention, disposal and disclosure of data. For further
information click here.