First standard set for UK data protection

In the light of numerous security breaches, the BSI has formulated a data-protection standard that organisations can use for UK DPA compliance
Written by Tom Espiner, Contributor

The first standard for the management of personal information in the UK has been published by the British Standards Institute.

BS 10012, published on Tuesday, specifies requirements for a personal-information management system (PIMS), which organisations can use to maintain and improve compliance with the Data Protection Act (DPA).

The BSI said the standard can be used by organisations of any size or sector to create data-management systems. Procedures and systems formulated to the standard would combine staff training and awareness, risk assessment, data-sharing procedures, retention and disposal of data, and disclosure to third parties.

Data-protection expert Louise Townsend, a senior associate at Pinsent Masons, said that in light of recent security breaches, both public- and private-sector organisations would find this standard useful.

"We think government departments will take this seriously, but we also have a number of retail clients who will take this seriously as well," Townsend told ZDNet UK on Thursday. "On the back of security breaches, organisations can say: 'We recognise this is a concern'. This is a formal standard organisations can work towards which will help their public-facing side, and help internally manage risks."

Townsend said that, while lawyers frequently audit companies for data-protection purposes, organisations have nothing tangible they can show to customers after the audit "other than a legal bill".

The standard is available for download from the BSI at a cost of £50 for BSI members or £100 for non-members.
