Personal data code aims to avoid security breaches

Data, data everywhere - but usually not encrypted

A new Personal Data Guardianship Code launches today, in an attempt to cut the number of high-profile data breaches in the UK.

The BCS and the Information Security Awareness Forum (ISAF) are responsible for the 13-page code which aims to help organisations and employees who handle personal data understand their individual responsibilities.

"It promotes best practice and provides ’common sense’ guidance, and also lays out information for the data subject," according to the launch information.

BCS Security Forum chairwoman Louise Bennett said: "This is the equivalent of The Highway Code for motorists – it will help all those involved in the management of personal data understand their role and enable them to carry out their jobs better. It's the culmination of two years work which began in 2007."

The BCS/ISAF code identifies and outlines the principles and responsibilities of, "everyone involved in the collection, management and use of personal data including guidelines that include the roles and responsibilities of the responsible person, the roles and responsibilities of the data handler, and an overview of the rights and responsibilities of the data subject."

ISAF chairman Dr. David King said everybody should be able to trust that our personal data is being handled with respect and is being managed securely.

"Yet it is evident that this is not always the case," he said.

The recent 2009 Data Breach Investigations Report from IT provider Verizon Business suggested that 285 million records were compromised in 2008.

But the new code is not legal advice, and on the bottom of each page readers are informed: "This code is not intended to be legal advice and where the reader is unsure about any aspect of the Data Protection Act or other Acts and regulati ons they should seek legal advice or visit the Information Commissioner's web site."