All eyes are currently on the British
Standards Institute, as the soft launch of its new accreditation framework for BS 10012 has commenced. How quickly will it take off, bearing in mind the ICO’s
intention to endorse (at least) one privacy seal scheme next year? Will
organisations wait until it is clear whether this scheme has been officially
endorsed by the ICO, or will they be brave and apply for BSI accreditation now?
For those not in the know, BS
10012 is the framework that sets up a personal information management system.
If you need reassurance that your organisation meets the requirements of British
data protection legislation, then this is the standard for you. If data
controllers want to demonstrate “accountability,” they will benefit from being
capable of complying with this standard.
Like all accountability
frameworks, the point is that they are designed, as the BSI explains, to:
- Identify risks to personal information and put controls in place to manage or reduce them.
- Demonstrate compliance with data protection legislation and gain preferred supplier status.
- Gain stakeholder and customer trust that their personal data is protected.
- Gain a tender advantage and win new business.
- Safeguard your organisation's reputation and avoid adverse publicity.
- Protect you and your organisation against civil and criminal liability.
- Benchmark your own personal information management practices with recognized best practice.
Some organisations might not want
to open their internal systems up to the scrutiny of a BSI auditor until they
are reasonably confident that the systems are reasonably robust. Few
organisations relish the prospect of strangers poking around for dirty laundry.
But they might want some help from an expert who is familiar with the standard,
nonetheless.
As someone who served on the
working party responsible for writing that standard, I’m in a good position to
offer some useful advice.
If you are interested in a frank
review of your systems (or if you just want to know what it is that the law
says you ought to be doing), then please feel free to contact me.
Source:
http://www.bsigroup.com/en-GB/BS-10012-Personal-information-management/
.
Posts
