A consumer’s guide to protecting personal information
British Standard BS 10012:2009 Data protection – specification for a personal information management system
Every time you use your supermarket reward card, contact your bank, use NHS services or buy something online, organisations collect and store certain information about you – this might be your name, address, date of birth, medical history, bank details, credit card number or even your shopping habits.
Used correctly, this information can make your life easier. But if it is used incorrectly, or falls into the wrong hands, you could become a victim of identity theft or fraud. This is where criminals use your personal information to get credit cards, open bank accounts, claim benefits, and even get new passports in your name. This could cost you dearly and take a lot of time and effort to sort out. According to the Home Office, identity theft costs UK consumers around £1.2 billion each year.¹
You can protect your personal data by keeping information in a safe place and being careful who you give your details to. But how can you be sure that organisations, such as councils, GPs, hospitals, banks, insurers, online stores and supermarkets are using your personal information correctly and keeping it safe?
The Data Protection Act 1998 is there to make sure that organisations collect only relevant and accurate information, store it safely and use it correctly. The Act also gives you the right to find out what information an organisation holds about you on paper and on computer records.
But the Act doesn’t guarantee the safekeeping of your personal data. A 2009 survey conducted by the British Standards Institution found that 1 in 5 businesses admitted to unwittingly breaching the Data Protection Act. Of these, nearly half said they had breached the Act more than once, and a further 18% said they were not sure whether they had or not.
The Data Protection Act sets out eight principles that organisations must adhere to, but it doesn’t give them any guidance on what to do or how to manage personal information effectively and lawfully.
So, even organisations that want to comply with the Act can find it confusing and difficult. British Standard BS 10012 helps to fill that gap. It has been specifically written to help organisations meet the requirements of the Data Protection Act, and gives companies step-by-step guidance on how to manage the information they hold about their customers.
BS 10012 – The basics
The British Standard for data protection was first published in June 2009. It is the first standard of its kind in the area of data protection. The standard can be used by organisations of any size, and in any sector. It provides a clear framework for UK organisations that want to comply with data protection law, helping them to create a tailored management system for personal data.
The standard gives detailed guidance in areas such as training and awareness, risk assessment, data sharing, retention and disposal of data and disclosure to third parties. However, the standard is voluntary so organisations do not have to sign up to it.
¹ Survey by The Identity Fraud Steering Committee (IFSC) published