First standard set for UK data protection

The first standard for the management of personal information in the United Kingdom has been published by the British Standards Institute.

BS 10012, published on Tuesday, specifies requirements for a personal-information management system (PIMS), which organizations can use to maintain and improve compliance with the Data Protection Act (DPA).

The BSI said the standard can be used by organizations of any size or sector to create data-management systems.

Procedures and systems formulated to the standard would combine staff training and awareness, risk assessment, data-sharing procedures, retention and disposal of data, and disclosure to third parties.

Data-protection expert Louise Townsend, a senior associate at Pinsent Masons, said that in light of recent security breaches, both public- and private-sector organizations would find this standard useful.

"We think government departments will take this seriously, but we also have a number of retail clients who will take this seriously as well," Townsend told ZDNet Asia's sister site ZDNet UK on Thursday.

"On the back of security breaches, organizations can say: 'We recognize this is a concern'. This is a formal standard organizations can work towards which will help their public-facing side, and help internally manage risks."

Townsend said that, while lawyers frequently audit companies for data-protection purposes, organizations have nothing tangible they can show to customers after the audit "other than a legal bill".

The standard is available for download from the BSI at a cost of £50 (US$82) for BSI members or £100 (US$164) for non-members.