I agree that IT and security have a big role to play, but technical measures
are only one part of one of the eight principles. Can IT also be
responsible for the organisational measures (physical access to key areas,
induction briefings for new staff, training in how to conduct phone
conversations so that information is not inadvertently disclosed to
unauthorised people, confidentiality requirements in staff contracts ... )
let alone the remaining Principles? The danger is that a Data Protection
person coming under the IT department doesn't carry sufficient weight with
other departments to get a consistent approach across the organisation.
Paul Ticher
0116 273 8191
22 Stoughton Drive North, Leicester LE5 5UB
I hereby require any recipient of this message not to use my personal data
for direct marketing purposes.
----- Original Message -----
From: "Broom, Doreen" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, January 13, 2009 12:08 PM
Subject: Re: BSI British Standards invites comments on a new draft standard
on the management of personal information
Although you say it is not technical but a management issue, the 7th
principle states that appropriate technical and organisational measures
shall be taken against unauthorised or unlawful processing of personal
data and against accidental loss or destruction of or damage to personal
data. I used to be part of IT and a review has just been done and it
appears I am heading back that way which I think is not a bad thing as
are Records Management/Communications (website etc) and I have always
worked closely with the IT Security manager so to be going back I think
is a move in the right direction.
________________________________
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 13 January 2009 11:47
To: [log in to unmask]
Subject: Re: BSI British Standards invites comments on a new draft
standard on the management of personal information
I would suggest most strongly that you place that comment on the draft,
Paul, and that others make comments positive and negative on the draft.
It is not that often that we get to influence something and it would be
rude to miss the chance.
Paul Ticher wrote:
I've not had time to look at the draft, but the fact that it is
listed under ICT & Electronics does not inspire confidence. I have a
constant battle to get clients to realise that Data Protection is a
management issue, not a technical one, and certainly not one that can be
left to the IT manager (though of course they do make a big contribution
on the security aspects of Data Protection).
Paul Ticher
----- Original Message -----
From: "Gordon Wanless" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Thursday, January 08, 2009 5:00 PM
Subject: BSI British Standards invites comments on a new draft
standard on the management of personal information
Folks,
I thought you would probably be interested in a press release
that has just gone out from BSi.
Regards,
Gordon.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
MEDIA RELEASE
8 January 2009
PUBLIC TO HAVE THEIR SAY ON NEW DATA PROTECTION STANDARD
BSI British Standards invites comments on a new draft standard
on the management of personal information. Once published, the standard
will assist organizations in complying with the Data Protection Act
1998. DPC BS 10012 can be viewed and commented on at
www.bsigroup.com/drafts
Developed by a committee of experts including representatives
from industry, government and academia, DPC BS 10012 is applicable to
any organization which holds the personal information of living
individuals. Once published, this standard will enable organizations to
put in place an infrastructure for maintaining and improving compliance
with the Data Protection Act.
DPC BS 10012, expected to be published in June 2009, is a
management systems standard. Rather than prescribing exactly how
operations should be run it provides the framework which will enable an
organization to effectively manage personal information. For example,
the standard focuses on ensuring that an organization provides
sufficient guidance and resources (e.g. staffing), and creates a
positive culture within which data processing can occur.
The management system format of 'Plan-Do-Check-Act', in which
this standard is written, is well-established in standards such as BS EN
ISO 9001:2000 Quality management systems and BS ISO/IEC 27001:2005
Information technology. Security techniques. Information security
management systems. Requirements.
Gordon Wanless, Chairman of the DPC BS 10012 Drafting Panel and
Chair of the Data Protection Forum, said: "This standard is the first
of its kind in the area of Data Protection and is expected to be used
widely by both public and private sector organizations. Data Protection
has been the focus of much public attention over the last year and this
standard will help organizations demonstrate that they are handling
personal information responsibly. To ensure it is fit for purpose, it
is extremely important that we receive comments on the draft standard,
from both companies and individuals and I would encourage anyone with an
interest to express their views."
The public review period for DPC BS 10012 closes on 31 March
2009.
Data Protection guidance for your sector
In addition to the new draft standard, British Standards has a
number of publications which provide guidance on the processing of data
(some of these will be updated upon publication of BS 10012):
* BIP 0012 Data Protection Guide
* BIP 0050 Data Protection Pocket Guide - Essential Facts At
Your Fingertips
* BIP 0011 Privacy in E-business - Promoting Respect, Trust and
Confidence in your Organization
* BIP 0002 Guidelines for the Use of Personal Data in System
Testing
BSI is currently planning the development of an online tool and
sector specific data protection guidance. Those interested in getting
involved should contact Robert Turpin [log in to unmask]
For more information please contact:
Lucy Fulton
PR Officer, BSI British Standards
020 8996 7248 [log in to unmask]
Notes to Editors
About BSI British Standards
BSI British Standards is the UK's National Standards Body,
recognized globally for its independence, integrity and innovation in
the production of standards and information products that promote and
share best practice. BSI works with businesses, consumers and government
to represent UK interests and to make sure that British, European and
international standards are useful, relevant and authoritative. For
further information please visit www.bsigroup.com/britishstandards.
About BSI Group
BSI British Standards is part of BSI Group, a global independent
business services organization that inspires confidence and delivers
assurance to customers with standards-based solutions. Originating as
the world's first national standards body, the Group has over 2,300
staff operating in over 120 countries through more than 50 global
offices. The Group's key offerings are:
* The development and sale of private, national and
international standards and supporting information
* Second and third-party management systems assessment and
certification
* Product testing and certification of services and products
* Performance management software solutions
* Training services in support of standards implementation and
business best practice.
For further information please visit www.bsigroup.com.
Ends
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~
Gordon Wanless
Information Governance Manager
T: 0191 203 5484
F: 0191 244 6842
M: 07500 882 525
E: [log in to unmask]
W: www.nhsbsa.nhs.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to
the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask]
describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list
please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
________________________________
Tim Trent - Consultant
Tel: +44 (0)7710 126618
web: ComplianceAndPrivacy.com - where busy executives go to find the
news first
personal blog: timtrent.blogspot.com/ - news, views, and opinions
personal website: Tim's Personal Website <http://www.trent.karoo.net> -
more than anyone needs to know
Marketing by Permission
<http://feeds.feedburner.com/%7Er/MarketingByPermission/%7E6/1>