I have mixed feelings about this.

On the one hand I can see that having a standard will help those organisations that like standards to measure 
themselves and work towards a target.

On the other, there is now a big move in "Information Governance" of which Data Protection is a part (in my 
opinion). Large organisations are already aware of or working towards ISO15489 and more importantly (where DP is 
concerned) ISO27001 which is a comprehensive standard already.

Would it perhaps not be better to review 27001 and provide "degrees of compliance" on this, so that businesses are 
not swamped by ISO/BSI numbers? If done properly it would allow businesses to comply with parts of 27001 that are 
relevant, and not be confused by standards which may have cross-over with others. Ovviously this may not be 
practical, but I think that "another standard" is possibly overkill?

Just my initial, immediate thoughts.

Simon Howarth.



Quoting Gordon Wanless <[log in to unmask]>:

> Yesterday at the Data Protection Forum's December meeting I read out a
> statement about the fact that the BSi are to produce a British Standard on
> Data Protection.  I am sure this will be of interest to you, both from the
> point of view that they would like experts from the various sectors to
> express an interest in joining the panel who will construct the standard and
> also from the point of view that some of you may want to bid for some of the
> work that will be required.
>  
> I have reproduced the statement below in its entirety.
>  
> I would also like to take this opportunity to promote the Data Protection
> Forum to you, which for a yearly fee of £100 per member, per organisation,
> you get 4 meetings a year, plus a Christmas Lunch.  The forum covers more
> than just DP in so much as we have speakers on Information Security and
> Freedom of Information for example. Members of the forum cover both private
> and public sector. You can get more information and apply to join the forum
> at www.dpforum.org.uk
>  
> Gordon Wanless
> DP Forum Chair & also Chair of the BSi Panel which will develop the BS on
> Data Protection
>  
> The British Standards Institution (BSI) has started work on development of a
> formal British Standard on Data Protection. The aim of the proposed standard
> will be to provide organizations with a method of assessing and demonstrating
> their compliance with the requirements of the Data Protection Act 1998 (DPA).
>   The standard will be developed by a panel of experts under the direction of
> a formal BSI technical committee and in accordance with the BSI Standard, BS
> 0 which sets out the process for developing British Standards.  The task of
> the panel will be to develop a standard which identifies best practice
> guidance using their expert knowledge and experience of compliance with the
> DPA in the UK.   The BSI panel will consider information management standards
> such as BS ISO 27001 (Information Security Management), BS ISO 15489 (Records
> Management) and BS ISO 9001 (Quality Management) in the development of the
> proposed standard.  One of the first responsibilities of the panel will be to
> draft a scope statement clearly setting out the objectives of the standard,
> defining its content and stating any limitations.BSI is committed to
> obtaining input from all bodies with a significant interest in the topic. 
> This includes public bodies, consumer organizations, trade associations and
> bodies such as the DP Forum and other professional bodies.  The Information
> Commissioner has given his support to the proposal to develop a British
> Standard on Data Protection. BSI envisages the standard being used by
> organisations as a tool to assist in addressing their obligations under the
> Data Protection Act.Members of the DP Forum who are interested in the work
> and wish to find out more information should contact the Project Manager,
> Sheeba Mukadam.Email: [log in to unmask]  Gordon Wanless
> Information Governance ManagerT: 0191 203 5484
> F: 0191 244 6842
> M: 07894 392 760
> E: [log in to unmask]
> W: www.nhsbsa.nhs.uk
> 
> 
> ***  IMPORTANT NOTICE ***
> ***  NHSBSA DISCLAIMER ***
> 
> This e-mail and any attachments transmitted with it, including replies and
> forwarded copies subsequently transmitted (which may contain alterations),
> contains information which may be confidential and which may also be
> privileged.
> 
> The content of this e-mail is for the exclusive use of the intended
> recipient(s). If you are not the intended recipient(s), or the person
> authorised as responsible for delivery to the intended recipient(s), please
> note that any form of distribution, copying or use of this e-mail
> or the information in it is strictly prohibited and may be unlawful.
> 
> If you have received this e-mail in error please notify the Help Desk at
> the NHS Business Services Authority, Prescription Pricing Division via e-mail
> to [log in to unmask] including a copy of this message. Please then delete this
> e-mail and destroy any copies of it.
> 
> Further, we make every effort to keep our network free from viruses.
> However, you do need to validate this e-mail and any attachments to it for
> viruses, as we can take no responsibility for any computer virus that might
> be transferred by way of this e-mail.
> 
> This e-mail is from the NHS Business Services Authority whose principal
> office is at Bridge House, 152 Pilgrim Street, Newcastle-upon-Tyne, NE1 6SN.
> 
> Switchboard Telephone Number :- +44 (0)191 232 5371
> 
> 
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>      All archives of messages are stored permanently and are
>       available to the world wide web community at large at
>       http://www.jiscmail.ac.uk/lists/data-protection.html
>      If you wish to leave this list please send the command
>        leave data-protection to [log in to unmask]
> All user commands can be found at
> http://www.jiscmail.ac.uk/help/commandref.htm
>  Any queries about sending or receiving messages please send to the list
> owner
>               [log in to unmask]
>   Full help Desk - please email [log in to unmask] describing your
> needs
>         To receive these emails in HTML format send the command:
>          SET data-protection HTML to [log in to unmask]
>    (all commands go to [log in to unmask] not the list please)
>     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> 
> 


-- 
Simon Howarth
The Information Edge
37 The Grange
Cottam
Preston
PR4 0LR

Office: 0870 991 3696
Mobile: 07836 365588

Webtech Systems trading as The Information Edge, registered in England No. 
3428632. More information available at www.informationedge.co.uk

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^