Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

British data protection standard is published (in draft)

A set of instructions on how organisations can stay within the Data Protection Act (DPA) while storing personal information has been published by British Standards (BSI).14 Jan 2009

National standards body the BSI wants its instructions to become a standard and has asked for comments on a published draft. It wants the eventual standard to help organisations to store personal information legally.

"This standard is the first of its kind in the area of Data Protection and is expected to be used widely by both public and private sector organizations," said Gordon Wanless, chairman of BSI's data protection forum.

"Data Protection has been the focus of much public attention over the last year and this standard will help organisations demonstrate that they are handling personal information responsibly," he said.

The standard instructs organisations in how to create and manage a personal information management system (PIMS), which would provide an infrastructure within which it could operate while staying within the law.

"This British Standard is for use by organizations of any size, in both the public and private sectors," says the draft standard. "It is intended to provide a common ground for the management of personal information for providing confidence in its management, and for enabling an effective assessment of compliance with amongst other things the DPA by both internal and external assessors."

More and more organisations are collecting and storing information to help them do business more effectively, and some of that information is often personal data as defined by the DPA.

The DPA orders companies that collect and store personal information to do so in line with eight principles, including the demand that information be fairly processed; that it be used for limited purposes; and that it not be kept for longer than necessary.

Information Commissioner Richard Thomas told a Parliamentary Committee hearing yesterday that the issue of data protection is becoming ever more important as more organisations opt to keep data.

"The power and benefits of database technology, coupled with instantaneous and comprehensive global communications, have been widely appreciated by businesses, by government and by individuals," he told the Justice Select Committee yesterday. "Dramatic reductions in the cost of collecting, processing and storing data have fuelled the growth in their use. It is often said that it is now cheaper to store data than delete it."

The consultation on the draft standard is open until 31 March.