BCS helps UK understand personal data guardianship principles

The British Computer Society has published a code of practice for people who work with personal data. There are quite a lot of people working with our personal data, and we know that some have been negligent in the past. Government agencies in particular sometimes seem to encourage their employees to burn CD- and DVDROMs loaded with information that they are not allowed to distribute and leave them in public places such as railway carriages; but there are lots of other insidious ways in which such information might pass from legitimate into illegitimate use.

This code digests UK law and provides guidance that to my eye is simple enough for even the most harried civil servant to understand. I hope sections like Responsibilities of the data handler will be pinned up in the offices where those CDs and DVDs are burned. The code may also be of interest to anybody who is concerned about the way that personal data is being collected and used in the UK. Its weakness may be the use of terms such as ‘responsibility’ which seem not to be understood and applied by all of us in the same way.