Our Director covers Finance, IT, HR and Corporate Admin & Legal and I
cover Induction for DP/FOI and most things are in place already i.e.
confidentiality statements etc.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Paul Ticher
Sent: 13 January 2009 12:51
To: [log in to unmask]
Subject: Re: BSI British Standards invites comments on a new draft
standard on the management of personal information
I agree that IT and security have a big role to play, but technical
measures are only one part of one of the eight principles. Can IT also
be responsible for the organisational measures (physical access to key
areas, induction briefings for new staff, training in how to conduct
phone conversations so that information is not inadvertently disclosed
to unauthorised people, confidentiality requirements in staff contracts
... ) let alone the remaining Principles? The danger is that a Data
Protection person coming under the IT department doesn't carry
sufficient weight with other departments to get a consistent approach
across the organisation.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal
data for direct marketing purposes.
----- Original Message -----
From: "Broom, Doreen" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, January 13, 2009 12:08 PM
Subject: Re: BSI British Standards invites comments on a new draft
standard on the management of personal information
Although you say it is not technical but a management issue, the 7th
principle states that appropriate technical and organisational measures
shall be taken against unauthorised or unlawful processing of personal
data and against accidental loss or destruction of or damage to personal
data. I used to be part of IT and a review has just been done and it
appears I am heading back that way which I think is not a bad thing as
are Records Management/Communications (website etc) and I have always
worked closely with the IT Security manager so to be going back I think
is a move in the right direction.
________________________________
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 13 January 2009 11:47
To: [log in to unmask]
Subject: Re: BSI British Standards invites comments on a new draft
standard on the management of personal information
I would suggest most strongly that you place that comment on the draft,
Paul, and that others make comments positive and negative on the draft.
It is not that often that we get to influence something and it would be
rude to miss the chance.
Paul Ticher wrote:
I've not had time to look at the draft, but the fact that it is listed
under ICT & Electronics does not inspire confidence. I have a constant
battle to get clients to realise that Data Protection is a management
issue, not a technical one, and certainly not one that can be left to
the IT manager (though of course they do make a big contribution on the
security aspects of Data Protection).
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal
data for direct marketing purposes.
----- Original Message -----
From: "Gordon Wanless" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, January 08, 2009 5:00 PM
Subject: BSI British Standards invites comments on a new draft standard
on the management of personal information
Folks,
I thought you would probably be interested in a press release that has
just gone out from BSi.
Regards,
Gordon.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
MEDIA RELEASE
8 January 2009
PUBLIC TO HAVE THEIR SAY ON NEW DATA PROTECTION STANDARD
BSI British Standards invites comments on a new draft standard on the
management of personal information. Once published, the standard will
assist organizations in complying with the Data Protection Act 1998.
DPC BS 10012, can be viewed and commented on at www.bsigroup.com/drafts
Developed by a committee of experts including representatives from
industry, government and academia, DPC BS 10012 is applicable to any
organization which holds the personal information of living individuals.
Once published, this standard will enable organizations to put in place
an infrastructure for maintaining and improving compliance with the Data
Protection Act.
DPC BS 10012, expected to be published in June 2009, is a management
systems standard. Rather than prescribing exactly how operations should
be run it provides the framework which will enable an organization to
effectively manage personal information. For example, the standard
focuses on ensuring that an organization provides sufficient guidance
and resources (e.g. staffing), and creates a positive culture within
which data processing can occur.
The management system format of 'Plan-Do-Check-Act', in which this
standard is written, is well-established in standards such as BS EN ISO
9001:2000 Quality management systems and BS ISO/IEC 27001:2005
Information technology. Security techniques. Information security
management systems. Requirements.
Gordon Wanless, Chairman of the DPC BS 10012 Drafting Panel and Chair of
the Data Protection Forum, said: "This standard is the first of its
kind in the area of Data Protection and is expected to be used widely by
both public and private sector organizations. Data Protection has been
the focus of much public attention over the last year and this standard
will help organizations demonstrate that they are handling personal
information responsibly. To ensure it is fit for purpose, it is
extremely important that we receive comments on the draft standard, from
both companies and individuals and I would encourage anyone with an
interest to express their views."
The public review period for DPC BS 10012 closes on 31 March 2009.
Data Protection guidance for your sector
In addition to the new draft standard, British Standards has a number of
publications which provide guidance on the processing of data (some of
these will be updated upon publication of BS 10012):
* BIP 0012 Data Protection Guide
* BIP 0050 Data Protection Pocket Guide - Essential Facts At Your
Fingertips
* BIP 0011 Privacy in E-business - Promoting Respect, Trust and
Confidence in your Organization
* BIP 0002 Guidelines for the Use of Personal Data in System Testing
BSI is currently planning the development of an online tool and sector
specific data protection guidance. Those interested in getting involved
should contact Robert Turpin [log in to unmask]
For more information please contact:
Lucy Fulton
PR Officer, BSI British Standards
020 8996 7248 [log in to unmask]
Notes to Editors
About BSI British Standards
BSI British Standards is the UK's National Standards Body, recognized
globally for its independence, integrity and innovation in the
production of standards and information products that promote and share
best practice. BSI works with businesses, consumers and government to
represent UK interests and to make sure that British, European and
international standards are useful, relevant and authoritative. For
further information please visit www.bsigroup.com/britishstandards.
About BSI Group
BSI British Standards is part of BSI Group, a global independent
business services organization that inspires confidence and delivers
assurance to customers with standards-based solutions. Originating as
the world's first national standards body, the Group has over 2,300
staff operating in over 120 countries through more than 50 global
offices. The Group's key offerings are:
* The development and sale of private, national and international
standards and supporting information
* Second and third-party management systems assessment and certification
* Product testing and certification of services and products
* Performance management software solutions
* Training services in support of standards implementation and business
best practice.
For further information please visit www.bsigroup.com.
Ends
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
Gordon Wanless
Information Governance Manager
T: 0191 203 5484
F: 0191 244 6842
M: 07500 882 525
E: [log in to unmask]
W: www.nhsbsa.nhs.uk
*** IMPORTANT NOTICE ***
*** NHSBSA DISCLAIMER ***
This e-mail and any attachments transmitted with it, including replies
and forwarded copies subsequently transmitted (which may contain
alterations), contains information which may be confidential and which
may also be privileged.
The content of this e-mail is for the exclusive use of the intended
recipient(s). If you are not the intended recipient(s), or the person
authorised as responsible for delivery to the intended recipient(s),
please note that any form of distribution, copying or use of this e-mail
or the information in it is strictly prohibited and may be unlawful.
If you have received this e-mail in error please notify the Help Desk at
the NHS Business Services Authority, Prescription Pricing Division via
e-mail to [log in to unmask] including a copy of this message.
Please then delete this e-mail and destroy any copies of it.
Further, we make every effort to keep our network free from viruses.
However, you do need to validate this e-mail and any attachments to it
for viruses, as we can take no responsibility for any computer virus
that might be transferred by way of this e-mail.
This e-mail is from the NHS Business Services Authority whose principal
office is at Bridge House, 152 Pilgrim Street, Newcastle-upon-Tyne, NE1
6SN.
Switchboard Telephone Number :- +44 (0)191 232 5371
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands
can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list
please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
________________________________
Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website <http://www.trent.karoo.net> - more than anyone needs to know
Marketing by Permission
<http://feeds.feedburner.com/%7Er/MarketingByPermission/%7E6/1>
Important: This message is private and confidential. If you have
received this message in error, please notify us and remove it from your
system. This email and any attachment(s) are believed to be virus-free,
but it is the responsibility of the recipient to make all the necessary
virus checks. This email and any attachments to it are copyright of
Meadowood Associates, owners of Compliance And Privacy, unless otherwise
stated. Their copying, transmission, reproduction in whole or in part
may only be undertaken with the express permission, in writing, of
Meadowood Associates, at Meadowood House, 30 Redditch, Bracknell,
Berkshire, RG12 0TT.
________________________________
**********************************************************************
This email and any files transmitted with it are privileged,
confidential and subject to copyright. Any unauthorised use or
disclosure of any part of this email is prohibited. If you are not the
intended recipient please inform the sender immediately; you should then
delete the email and remove any copies from your system.
The views or opinions expressed in this communication may not
necessarily be those of Scottish Borders Council.
Please be advised that Scottish Borders Council's incoming and outgoing
GSX email is subject to regular monitoring and any email may require to
be disclosed by the Council under the provisions of the Freedom of
Information (Scotland) Act 2002.
**********************************************************************