Every business in the UK must comply with the Data Protection Act (DPA) 1998. It's the law and there are no exceptions. The Act's aim is to ensure personal information is properly protected. The majority of organizations already recognize that keeping relevant, accurate and up-to-date records makes good business sense. However, for those businesses that do not comply, the consequences are serious.
This week, the Information Commissioner's Office launched a new Regulatory Action Strategy, with the aim of targeting organizations that deliberately or persistently ignore their obligations under the DPA. The newly appointed Deputy Information Commissioner, David Smith, said: "businesses should be warned that we will not hesitate to take legal action where necessary".
The powers of regulatory action include criminal prosecution, civil enforcement and audit, so with this in mind, businesses will be interested to hear that a new easy-to-use self-assessment tool is now available from BSI Business Information:
The Privacy and Data Protection Scorecard
The Privacy and Data Protection Scorecard is a new online tool for organizations to test their compliance with legislation and best practice in privacy and data protection. The scorecard, produced by leading consultancy Information Answers, is used to assess the extent to which an organisation's Policies, Codes of Practice, Guidelines and Procedures meet the requirements of the Data Protection Act 1998 and the Privacy in Electronic Communications Act 2003.
The Scorecard can be used to:
Quickly gain a cost-effective overview of the current state of Privacy and Data Protection
Monitor improvement in ability to comply over time
Extend the reach and accessibility of the specialist Privacy team by enabling on-line self-assessment
Prepare for a fuller, more detailed Privacy and Data Protection Compliance Audit.
It tests 57 individual practices in the following sections:
Privacy in Context - this section sets the context by testing four aspects of Privacy within the context of Customer Management
People and Organization - this section tests whether the organisation has a Privacy/Data Protection infrastructure in place
Data Protection Principles - this section covers the eight detailed Data Protection principles at the heart of the UK implementation of The Act
Process Management - this section tests whether the organization has a number of key Privacy/Data Protection processes in place
Privacy & Electronic Communication - this section tests understanding of and compliance with the recent legislation in this area
Privacy Futures - this section looks to the future and how the organization is aware of or addressing likely developments in the Privacy/Data Protection area.
It is perfect for any business wishing to build a shared understanding across Customer Management staff and Privacy specialists. It crosses the typical divide between the needs of the customer management community and those of privacy specialists within an organization - meeting the needs of both (i.e. developing a shared understanding of the current state that can be progressed). Often these communities fail to 'talk the same language', and have negative perceptions of the other's standpoint.
Additional telephone support is available, offering legal advice from the experts at Information Answers.
BSI order ref BIP 0063 Distributed by BSI
Price 400* VAT (470), 800* VAT (940) with additional telephone support from experts at Information Answers.
For more information, please visit www.bsi-global.com/dpscorecard
*P&P 4.17 UK (inclusive of VAT), 5.83 Overseas ( VAT if applicable). P&P is free to BSI Subscribing Members. Pre-payment is required from non-Members. All prices, content and publishing dates may be subject to change.
Would Your Business Pass the Test?
