Manufacturers get new standard for data protection

Almost one in five businesses has unwittingly breached the Data Protection Act (DPA) at least once, according to a survey of more than 500 SMEs conducted by BSI.

Of these, nearly half said they had breached the act on several occasions and an additional 18% said they were not sure whether they had or not – with a breach meaning an illegal transfer of information to a third party, failure to hold information securely or neglect of other legal obligations.

The survey was released to coincide with the publication today of a new British Standard – BS 10012, Data protection – Specification for a personal information management system – designed to help organisations to put in place a framework for maintaining and improving compliance with the legislation.

Among other key results, the survey also finds that 65% of businesses provide no data protection training for staff, while nearly half say there is no one with responsibility for data protection. Worryingly, 15% of businesses are not confident that their data sharing practices conform to the DPA and almost 5% of these frequently share data regardless. Also, perhaps unsurprisingly, 18% say that data protection is less of a priority in the current economic climate.

Mike Low, director of standards for BSI, says: "A third of businesses we surveyed stated that the complexity of the legislation restricts their compliance with the DPA. BS 10012 is a new standard, published by BSI today, which addresses this and many other issues, providing organisations with a framework for maintaining and improving compliance."

Gordon Wanless, chairman of the Data Protection Forum, adds: "The BSI survey backs up what we have known for some time – that many organisations find the legislation in this area complex. The standard can help [them] put in place the measures which will lead to compliance and demonstrate that they are handling personal information responsibly." He also makes the point that, rather than prescribing exactly how operations should be run, BS 10012 provides the framework to enable effective management of personal information.

BS 10012 was developed by a panel of experts, including representatives from industry, government, academia and consumer groups.