The Home Office is to use a newly-launched guide to handling personal data to improve the security of its internal data.
The Home Office model will help the department classify the sensitivity of data and either certify data handling processes as adequate or specify remedial steps.
"The Personal Data Guardianship Code will be used to inform questions to suppliers," said Peter Walmsley, programme lead for supplier relationship management at the Home Office.
The code, jointly developed by the British Computer Society (BCS) and the Information Security Awareness Forum (ISAF), was launched in London yesterday.
Walmsley, who was involved in the code's development, said the Home Office assurance model is about to enter its second trial ahead of its release later this year.
"The assurance model is designed to be a tookit for collaborating with suppliers to ensure best practice in handling data," he said.
Louise Bennett, chair of the BCS Security Forum said that like the Home Office, organisations can use the code to question suppliers and get them to consider better ways of handling data.
The code is a short document written in simple English that is aimed at helping organisations and private individuals to understand their responsibilities in handling personal data.
The roles of 'responsible person', 'data handler' and 'data subject' as defined by the Data Protection Act are explained and duties are laid out on separate sheets for easy reference.
"Most organisations are 'data handlers' and need to understand the possible consequences of failing to meet their data handling obligations, and this document can help," said Bennett.
The code is available as a free download and includes 15 examples of real-world uses of the principles of good data governance.
The BCS will help any organisation free of charge to customise these examples to make the code more relevant for members of their organisation, said Bennett.
Jonathan Bamford, assistant information commissioner, said there is no silver bullet. But, he said, the code is a practical tool that can help people who handle data to understand what is expected of them by data protection law.