Data Protection is a legal requirement for all UK firms
Simply put, any organisation that handles information that could be used to indentify a living individual must comply with the Data Protection Act 1998.
The Data Protection Act (1998) was drafted to ensure that this type of information that most organisations handle every day, is governed by certain privacy guidelines. In their words, the Act aims to "promote high standards in the handling of personal identifiable information (PII)", and so balance the need to protect the individual's right to privacy - whilst allowing businesses to carry out their normal activities.
-
A requirement to operate – certain industries place greater emphasis on compliance (example healthcare)
-
Expectations of customers, service users and employees
-
Enabling overseas outsourcing of data and information
-
A breach of Personal Identifiable Information could be devastating to the brand
-
Legal or regulatory compliance - falling foul can be very costly
Data Protection and Information Rights in the Public Sector
Just like commercial environments, the public sector also needs to protect its brand. Within governmental organisations however, it's other non-financial motivators such as legal and regulatory compliance that are paramount. Perhaps here more than anywhere else, the consequences of a data breach are particularly sensitive, and the advantage of clearly designed processes are the most beneficial. QT&C works closely with the public sector to help maintain compliance with the DPA98 along with other Information Rights legislation in order to uphold:
-
An individual's right to privacy
-
An individual's right to know certain information
-
Recognising the public interest
-
Satisfying national interest and security
QT&C services are about enabling compliance, effectively demonstrating the requirements of the Act and how they best apply within the real world environment. Simply ensuring the right people can access the data, and highlighting a set of sensible policies and principles can provide a blanket of protection, assurance and confidence within your team or workplace.
Personal Information Audit - To Be edited (PIA)
PIAs require an assessment of the risks to an individual’s privacy as it relates to a specific project or process. They include full or partial assessments (often called compliance or adequacy audits) that are then checked against privacy based legislation, regulations etc.
BS10012 - To Be edited
Comes at it from a managerial perspective – similar to ISO/IEC 27001 in that the objective is to put in place a management system – in this case a Personal Information Management System (PIMS) QT&C can help with both our services include: an outsourced Data Protection Officer Information and Data Protection Audit services (for both PIA’s and PIMS) Full PIMS Implementation
QT&C offers the following Data Protection services:
-
Outsourced Data Protection Officer
-
Privacy Impact Assessment – Full
-
Privacy Impact Assessment – Guidance
-
Development of Privacy Information Management System (PIMS) to BS10012
-
Internal Information Audit to BS10012
Other legislation, standards and regulations we work with are:
-
Freedom of Information Acts (FOIA and FOISA)
-
Environmental Information Regulations (EIR)
-
BS 10012 British Standard for Data Protection