BSI has revised its data protection standard. BS 10012:2017 Data protection – specification for a personal information management system was written as best-practice guidance for those responsible for managing personal information.
The revised standard specifies the requirements for an organization adopting a personal information management system (PIMS). A PIMS provides a framework for maintaining and improving data protection compliance. The standard also gives internal and external assessors clear guidance on how to assess that compliance.
The standard applies to organizations of all sizes and types. Building on the 2009 edition, BS 10012 adds a new definition of personal and sensitive data, restrictions on profiling using personal data, and new administrative requirements for data protection officers.
Pseudonymised data is now specifically covered, and consent for processing is subject to stricter requirements. BS 10012 also takes into account the change in law that brings data processors within scope.
Implementing BS 10012 supports many organizations in adopting an appropriate "Information Governance" strategy. Information Governance is a set of multi-disciplinary structures, policies, procedures and processes for managing information. It supports an organization's current and future regulatory, legal, risk, environmental and operational requirements.
Anne Hayes, Head of Governance and Resilience at BSI, said: "BS 10012 gives organizations structured guidance on applying a common-sense strategy to handle personal information as securely as possible. It will also give employees at all levels of an organization confidence that decision-makers take the hot-button issue of data security seriously. Data protection remains a leading concern for organizations of all shapes and sizes, as well as the public at large, and BS 10012 addresses these concerns."
Many of the changes in the latest version of BS 10012 were made in recognition of the EU General Data Protection Regulation (GDPR), adopted by the European Parliament on April 14, 2016. From May 25, 2018 the GDPR will apply directly in the UK and in every EU member state.
Organizations that made significant contributions to the development of BS 10012 include the Information Commissioner's Office (ICO), the National Association of Data Protection Officers (NADPO), the Data Protection Forum, the Department for Culture, Media and Sport, the International Association of Privacy Professionals, the Information and Records Management Society, the British Computer Society, the Financial Services Records Management Forum, the Financial Conduct Authority and the Information Security Forum.
Standard for data protection revised to address ever-increasing threats to personal information
BSI, the business standards company, has updated its standard for data protection. BS 10012:2017 Data protection – specification for a personal information management system was developed to provide best practice guidance for leaders responsible for the management of personal information.
The revised standard specifies requirements for an organization to adopt a personal information management system (PIMS). A PIMS provides a framework for maintaining and improving compliance with data protection requirements. The standard is also intended to give internal and external assessors clear guidance on assessing compliance with those requirements.
The standard is applicable to organizations of all sizes and sectors. Changes from the 2009 version of BS 10012 include a new definition of personal and sensitive data; restrictions on profiling using personal data; and new administrative requirements for data privacy officers.
Pseudonymised data is now specifically covered, and there are stricter requirements for consent to processing. BS 10012 also takes into account a change in the law that brings data processors within scope.
Implementing BS 10012 will support many organizations in their adoption of an appropriate “Information Governance” strategy. Information Governance is a set of multi-disciplinary structures, policies, procedures and processes taken to manage information. Information Governance supports an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.
Anne Hayes, Head of Governance and Resilience at BSI, said: “BS 10012 will provide organizations with structured guidance on implementing a common-sense strategy to handle personal information as securely as possible. It will also provide confidence to employees at all levels of an organization that decision-makers take the hot-button issue of data security seriously.
“Data protection remains a leading concern for organizations of all shapes and sizes – as well as the public at large. BS 10012 addresses these concerns.”
Many of the changes in the latest version of BS 10012 have been written in recognition of the European Union General Data Protection Regulation (GDPR), which was adopted by the European Parliament on April 14, 2016. The GDPR will be directly applicable in the UK and all member states from May 25, 2018.
Key organizations involved in the development of BS 10012 include the Information Commissioner's Office (ICO); the National Association of Data Protection Officers (NADPO); the Data Protection Forum; the Department for Culture, Media and Sport; the International Association of Privacy Professionals; the Information and Records Management Society; the British Computer Society; the Financial Services Records Management Forum; the Financial Conduct Authority; and the Information Security Forum.