Good practice or legal practice in Data Guardianship

The mild criticism of the new BCS Personal Data Guardianship Code in the Register reveals the practical need for the code. I believe it is good practice to try to collect and record consent, whether or not it is legally required.   

Do also read the fuller Outlaw commentary including the references to the new “BS 10012 Data Protection: specification for a personal information management system.”

I am, however, more than a little uncertain as to how such guidance applies to those running/using the world’s most widely used personal informaton “management” systems (Bebo, Facebook, Heritage and all the other social and gaming networks, let alone those mining our on-line footprints (from Garlik and Google, through Phorm to RIPA).

I’d love to see a joint BCS/FIPR workshop on how the BCS code and new BS Standard would have applied to the database of MPs expenses.   

Hence the importance of the EURIM exercise to generate material for the largest ever intake of new MPs on the issues of Information Governance that they will face after the (r)evolution of 2010 (if not earlier).

I look forward to seeing animations of some of the examples in the BCS code appearing in the entries to the EURIM competition for YouTube material to bring Information Governance, (not just Data Protection) to life.

Do also look out for press releases in this area from the Audit Commission. They have some excellent reports due out shortly that will help add some of the missing dimensions to debate – based on solid research into current practice in the organisations they cover.