Last week saw the launch of the Personal Data Guardianship Code (Code) from the British Computer Society (BCS) and the Information Security Awareness Forum (ISAF). According to its introduction, the Code “is intended to help organisations and the people in them who handle personal data understand their individual responsibilities“. The aim is to create a guide to best practice in this area – a “Highway Code” for the use of personal data.
The Code identifies what it calls the “data life span”, which sets out the three-stage handling life span that personal data goes through. Firstly, there is “input”, which includes collection, verification and cleansing of the data. The second stage is “use”, which involves the primary use and the maintenance, updates, back-up and sharing of the data. Finally, there is “output”, which is the secondary use, copying, reuse, exporting and disposal of data.
The Code states that there are five key principles on which “best practice” is based during the life span of personal data:
1. Accountability – all those holding data should follow publicly accessible data governance principles;
2. Visibility – data subjects have the right to know what personal data about them is held by an organisation;
3. Consent – the collection and use of personal data has to be fair, lawful and in accordance with the eight data protection principles in the Data Protection Act;
4. Access – data subjects should have a right to know the groups of people within an organisation who have access to their personal data; and
5. Stewardship – those collecting personal data (including all parties in an outsourcing arrangement) have a duty to protect it throughout the personal data life span.
The Code highlights how greater use of technology has increased the vulnerability of all individuals to the misuse of personal information, meaning that data subjects themselves need to be ever more vigilant in protecting their personal information.
Datonomy will monitor with interest the progress of these two initiatives as they seek to build on the increased awareness amongst individuals and organisations of the importance of personal data following the surge in identity theft and recent high profile data losses.