Self-assessment for data protection compliance

Edited by the Engineeringtalk editorial team Nov 30, 2005

A new easy-to-use self-assessment tool is now available from BSI Business Information for organisations to test their compliance with legislation and best practice in privacy and data protection.

Every business in the UK must comply with the Data Protection Act (DPA) 1998; that is the law and there are no exceptions.

The Act's aim is to ensure personal information is properly protected.

The majority of organisations already recognise that keeping relevant, accurate and up-to-date records makes good business sense.

However, for those businesses that do not comply, the consequences are serious.

This week, the Information Commissioner's Office launched a new Regulatory Action Strategy, with the aim of targeting organisations that deliberately or persistently ignore their obligations under the DPA.

The newly-appointed Deputy Information Commissioner, David Smith, said: "Businesses should be warned that we will not hesitate to take legal action where necessary".

The powers of regulatory action include criminal prosecution, civil enforcement and audit; so, with this in mind, businesses will be interested to hear that a new easy-to-use self-assessment tool is now available from BSI Business Information.

The Privacy and Data Protection Scorecard is a new online tool for organisations to test their compliance with legislation and best practice in privacy and data protection.

The scorecard, produced by leading consultancy Information Answers, is used to assess the extent to which an organisation's policies, codes of practice, guidelines and procedures meet the requirements of the Data Protection Act 1998 and the Privacy in Electronic Communications Act 2003.

The Scorecard can be used to: quickly gain a cost-effective overview of the current state of privacy and data protection; monitor improvements in ability to comply over time; extend the reach and accessibility of the specialist privacy team by enabling on-line self-assessment; and preparation for a fuller more detailed privacy and data protection compliance audit.

It tests 57 individual practices in the following sections: Privacy in Context - this section sets the context by testing four aspects of privacy within the context of customer management; People and Organisation - this section tests whether the organisation has a privacy/data protection infrastructure in place; Data Protection Principles - this section covers the eight detailed data protection principles at the heart of the UK implementation of The Act; Process Management - this section tests whether the organisation has a number of key privacy/data protection processes in place; Privacy and Electronic Communication - this section tests understanding of and compliance with the recent legislation in this area; and Privacy Futures - this section looks to the future and how the organisation is aware of or addressing likely developments in the privacy/data protection area.

It is suitable for any business wishing to build a shared understanding across customer management staff and privacy specialists.

It crosses the typical divide between the needs of the customer management community, and those of privacy specialist within an organisation - meeting the needs of both (ie developing a shared understanding of the current state that can be progressed).

Often these communities fail to 'talk the same language', and have negative perceptions of the other's standpoint.

Additional telephone support is available, offering legal advice from the experts at Information Answers.

BSI order ref BIP 0063 Distributed by BSI.

Price £400* +VAT (£470) or £800* +VAT (£940) with additional telephone support from experts at Information Answers.

For more information, please visit the BSI website.