The British Standards Institute has published its draft BS 10012 “Specification for the management of personal information in compliance with the Data Protection Act 1998” for public comment. The creation of a data protection standard is an important step forward for privacy – the Data Protection Act tells us what the legal outcomes must be, but not what processes should be followed to achieve them. BS 10012 may go some way towards remedying that situation if it can be developed into a practical standard that is welcomed by industry.
I’ve read and commented on the standard, and I’d urge you to do the same. If you have any opinions on it, do please share them here.