The Home Office is to use a newly-launched guide to handling personal data to improve the
security of its internal data.
The Home Office assurance model will help the department classify the
sensitivity of data and either certify data handling processes as
adequate or specify remedial steps.
"The Personal Data Guardianship Code will be used to inform
questions to suppliers," said Peter Walmsley, programme lead for
supplier relationship management at the Home Office.
The code, jointly developed by the British Computer Society
(BCS) and the Information Security Awareness Forum (ISAF), was
launched in London yesterday.
Walmsley, who was involved in the code's development, said the
Home Office assurance model is about to enter its second trial
ahead of its release later this year.
"The assurance model is designed to be a toolkit for
collaborating with suppliers to ensure best practice in handling
data," he said.
Louise Bennett, chair of the BCS Security Forum, said that, like
the Home Office, organisations can use the code to question
suppliers and get them to consider better ways of handling
data.
The code is a short document written in simple English that is
aimed at helping organisations and private individuals to
understand their responsibilities in handling personal data.
The roles of 'responsible person', 'data handler' and 'data
subject' as defined by the Data Protection Act are explained and
duties are laid out on separate sheets for easy reference.
"Most organisations are 'data handlers' and need to understand
the possible consequences of failing to meet their data handling
obligations, and this document can help," said Bennett.
The code is available as a
free download
and includes 15 examples of real-world uses of the principles of
good data governance.
The BCS will help any organisation free of charge to customise
these examples to make the code more relevant for members of their
organisation, said Bennett.
Jonathan Bamford, assistant information commissioner, said there
is no silver bullet. But, he said, the code is a practical tool
that can help people who handle data to understand what is expected
of them by data protection law.