I have mixed feelings about this.
On the one hand I can see that having a standard will help those organisations that like standards to measure
themselves and work towards a target.
On the other, there is now a big move in "Information Governance" of which Data Protection is a part (in my
opinion). Large organisations are already aware of or working towards ISO15489 and more importantly (where DP is
concerned) ISO27001 which is a comprehensive standard already.
Would it perhaps not be better to review 27001 and provide "degrees of compliance" on this, so that businesses are
not swamped by ISO/BSI numbers? If done properly it would allow businesses to comply with parts of 27001 that are
relevant, and not be confused by standards which may have cross-over with others. Ovviously this may not be
practical, but I think that "another standard" is possibly overkill?
Just my initial, immediate thoughts.
Simon Howarth.
Quoting Gordon Wanless <[log in to unmask]>:
> Yesterday at the Data Protection Forum's December meeting I read out a
> statement about the fact that the BSi are to produce a British Standard on
> Data Protection. I am sure this will be of interest to you, both from the
> point of view that they would like experts from the various sectors to
> express an interest in joining the panel who will construct the standard and
> also from the point of view that some of you may want to bid for some of the
> work that will be required.
>
> I have reproduced the statement below in its entirety.
>
> I would also like to take this opportunity to promote the Data Protection
> Forum to you, which for a yearly fee of £100 per member, per organisation,
> you get 4 meetings a year, plus a Christmas Lunch. The forum covers more
> than just DP in so much as we have speakers on Information Security and
> Freedom of Information for example. Members of the forum cover both private
> and public sector. You can get more information and apply to join the forum
> at www.dpforum.org.uk
>
> Gordon Wanless
> DP Forum Chair & also Chair of the BSi Panel which will develop the BS on
> Data Protection
>
> The British Standards Institution (BSI) has started work on development of a
> formal British Standard on Data Protection. The aim of the proposed standard
> will be to provide organizations with a method of assessing and demonstrating
> their compliance with the requirements of the Data Protection Act 1998 (DPA).
> The standard will be developed by a panel of experts under the direction of
> a formal BSI technical committee and in accordance with the BSI Standard, BS
> 0 which sets out the process for developing British Standards. The task of
> the panel will be to develop a standard which identifies best practice
> guidance using their expert knowledge and experience of compliance with the
> DPA in the UK. The BSI panel will consider information management standards
> such as BS ISO 27001 (Information Security Management), BS ISO 15489 (Records
> Management) and BS ISO 9001 (Quality Management) in the development of the
> proposed standard. One of the first responsibilities of the panel will be to
> draft a scope statement clearly setting out the objectives of the standard,
> defining its content and stating any limitations.BSI is committed to
> obtaining input from all bodies with a significant interest in the topic.
> This includes public bodies, consumer organizations, trade associations and
> bodies such as the DP Forum and other professional bodies. The Information
> Commissioner has given his support to the proposal to develop a British
> Standard on Data Protection. BSI envisages the standard being used by
> organisations as a tool to assist in addressing their obligations under the
> Data Protection Act.Members of the DP Forum who are interested in the work
> and wish to find out more information should contact the Project Manager,
> Sheeba Mukadam.Email: [log in to unmask] Gordon Wanless
> Information Governance ManagerT: 0191 203 5484
> F: 0191 244 6842
> M: 07894 392 760
> E: [log in to unmask]
> W: www.nhsbsa.nhs.uk
>
>
> *** IMPORTANT NOTICE ***
> *** NHSBSA DISCLAIMER ***
>
> This e-mail and any attachments transmitted with it, including replies and
> forwarded copies subsequently transmitted (which may contain alterations),
> contains information which may be confidential and which may also be
> privileged.
>
> The content of this e-mail is for the exclusive use of the intended
> recipient(s). If you are not the intended recipient(s), or the person
> authorised as responsible for delivery to the intended recipient(s), please
> note that any form of distribution, copying or use of this e-mail
> or the information in it is strictly prohibited and may be unlawful.
>
> If you have received this e-mail in error please notify the Help Desk at
> the NHS Business Services Authority, Prescription Pricing Division via e-mail
> to [log in to unmask] including a copy of this message. Please then delete this
> e-mail and destroy any copies of it.
>
> Further, we make every effort to keep our network free from viruses.
> However, you do need to validate this e-mail and any attachments to it for
> viruses, as we can take no responsibility for any computer virus that might
> be transferred by way of this e-mail.
>
> This e-mail is from the NHS Business Services Authority whose principal
> office is at Bridge House, 152 Pilgrim Street, Newcastle-upon-Tyne, NE1 6SN.
>
> Switchboard Telephone Number :- +44 (0)191 232 5371
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list
> owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your
> needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>
>
--
Simon Howarth
The Information Edge
37 The Grange
Cottam
Preston
PR4 0LR
Office: 0870 991 3696
Mobile: 07836 365588
Webtech Systems trading as The Information Edge, registered in England No.
3428632. More information available at www.informationedge.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|