02 June 2009

Manufacturers get new standard for data protection

Almost one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once, according to a survey of more than 500 SMEs conducted by BSI.

Of these, nearly half said they had breached the act on several occasions and an additional 18% said they were not sure whether they had or not – with a breach meaning an illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations.

The survey was released to coincide with the publication today of a new British Standard – BS 10012, Data protection – Specification for a personal information management system – designed to help organisations to put in place a framework for maintaining and improving compliance with the legislation.

Among other key results, the survey also finds that 65% of businesses provide no data protection training for staff, while nearly half say there is no one with responsibility for data protection.

Worryingly, 15% of businesses are not confident that their data sharing practices conform to the DPA and almost 5% of these frequently share data regardless. Also, perhaps unsurprisingly, 18% say that data protection is less of a priority in the current economic climate.

Mike Low, director of standards for BSI, says: "A third of businesses we surveyed stated that the complexity of the legislation restricts their compliance with the DPA. BS 10012 is a new standard, published by BSI today, which addresses this and many other issues, providing organisations with a framework for maintaining and improving compliance."

Gordon Wanless, chairman of the Data Protection Forum, adds: "The BSI survey backs up what we have known for some time – that many organisations find the legislation in this area complex. The standard can help [them] put in place the measures which will lead to compliance and demonstrate that they are handling personal information responsibly."

He also makes the point that, rather than prescribing exactly how operations should be run, BS 10012 provides the framework to enable effective management of personal information. BS 10012 was developed by a panel of experts, including representatives from industry, government, academia and consumer groups.

Author
Brian Tinham


This material is protected by Findlay Media copyright