BCS writes data Highway Code
Mirror, signal, burn to disc
The British Computer Society has created a Personal Data Guardianship Code to help businesses and individuals deal responsibly and safely with private information.
The guidelines follow two years' work during which there have been a series of major losses by government departments, private firms and even secret agents. Most of the losses have been caused by the failure of people to follow even the simplest data protection principles, yet they have in no way dented government enthusiasm for ever more databases and more data sharing.
The BCS lays out best practice for people dealing with data as well as explaining the responsibilities of holding such information.
The code includes reminders that people or organisations holding data should be accountable, be clear about what data they hold, get consent to collect that data and act as a responsible steward for that information. Organisations should have a written code of practice for data collection and privacy which is followed and monitored by the board of directors.
The code also explains the rights of individuals in respect to their data - what you have the right to see, to correct and how you can opt-out of some databases.
None of the advice is very revolutionary, but it is laid out in a clear and simple way. Maybe it's even clear enough for senior civil servants and politicians to read.
The BCS got involved in lobbying against the Coroners and Justice Bill which aimed to ease data sharing between government departments.
You can download the complete code from here. ®
By far the most OSes installed in business are by MS, can you now clarify why an industry body shouldn't have a pro-MS stand, or would you like them to be anti the company that supplies most of their members' work?
Having said that, without exception all of the people that I know who are in the BCS in one way or another are FOSSers/UNIXers/Mainfram-ers who happen to use MS software as well. You almost certainly wouldn't get very far in BCS if you maintain an anti-anything stance, let alone anti-MS, because it would show how out of touch you are with business needs.
Also why should a working scientist automatically get anything from BCS? The only thing you can automatically get is membership, anything else you have to prove that you are worthy of.
And, their web site does take electronic payments from the usual suspects.
I'm living in Merseyside at the moment and I can tell you that, working as a web designer/developer (albeit freelance) and knowing several other developers, designers, coders, IT experts etc, etc, the BCS is still out of date and what's worse very few people in Merseyside actually recognise them. Add that to the fact that Merseyside is not exactly cutting edge all you have is a moot point. Sorry.
Having done some consultancy work a while back I drafted up a document that was just 5 pages of text. Most of that was bullet points and short paragraphs in plain English. Put simply I told them, to read the document or in lieu of the 'Don't be Stupid'. The fact is that a USB thumb disk/drive is easy to lose, add to that there is often a misconception that just because you can use Microsoft Office you are computer literate means that often those who are meant to implement security plans don't know how to. Hell even the ECDL doesn't go into preventative/security measures and that's a mandatory requirement for many Gov depts.
The simplest thing is that there needs to be greater levels of education and CPD that instructs both business owners and employees in the basics. Virus scans, password protection of removable media, correct deletion procedures.....you know the simple, yet 'oft overlooked things!
IT because at one point it stood for INFORMATION TECHNOLOGY, now it's IDIOTIC TRIUMPHS
Reading the advice...
"There should be an audit trail within the organisation showing who has actually accessed personal data."
Who currently does this? It would result in a lot of data being generated. Is this something that is regarded as good practice for all organisations or just those working with particularly sensitive data e.g. medical, financial?