BS 10012-2009 Personal Information Management System – Data Protection Specification
ID: 1E3307EF6D6644529DE4F0DBE1D35E69
File size (MB): 0.5
Pages: 32
File format:
Date: 2010-1-5
Text excerpt (OCR may contain errors, but viewing, display and printing of the file are normal; the PDF supports text search):
BRITISH STANDARD
BS 10012:2009

Data protection – Specification for a personal information management system

Publishing and copyright information

The BSI copyright notice displayed in this document indicates when the document was last issued.

© BSI 2009

ISBN 978 0 580 61550 4

ICS 01.140.30; 03.100.99; 35.020

The following BSI references relate to the work on this standard:
Committee reference IDT/1
Draft for comment 09/30175848 DC

Publication history
First published May 2009

Amendments issued since publication
Date Text affected

Contents

Foreword ii
0 Introduction 1
1 Scope 3
2 Terms, definitions and abbreviations 3
3 Planning for a personal information management system (PIMS) 5
4 Implementing and operating the PIMS 7
5 Monitoring and reviewing the PIMS 20
6 Improving the PIMS 21

Annexes
Annex A (informative) The Plan-Do-Check-Act (PDCA) cycle 23
Bibliography 24

List of figures
Figure A.1 – PDCA cycle applied to the management of personal information 23

Summary of pages
This document comprises a front cover, an inside front cover, pages i to ii, pages 1 to 24, an inside back cover and a back cover.

Foreword

Publishing information

This British Standard is published by BSI and came into effect on 31 May 2009. It was prepared by Panel IDT/1/-/4, Data protection, under the authority of Technical Committee IDT/1, Document management applications. A list of organizations represented on this committee can be obtained on request to its secretary.

Information about this document

This British Standard has been produced to:
- form the basis of internal policies on data protection legislation and good practice compliance;
- facilitate the identification and drafting of internal procedures and processes;
- enable an organization to demonstrate compliance with data protection legislation and good practice to its clients;
- facilitate assessment of compliance with data protection legislation and good practice;
- provide a standardized benchmark for audits and process reviews.

Presentational conventions

The provisions of this standard are presented in roman (i.e. upright) type. Requirements are expressed in sentences in which the principal auxiliary verb is “shall”.

Where optional recommendations are included, they are expressed in sentences in which the principal auxiliary verb is “should”.

Commentary, explanation and general informative material is presented in smaller italic type, and does not constitute a normative element.

Contractual and legal considerations

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

0 Introduction

0.1 Personal information management system

The objective of this British Standard is to enable organizations to put in place, as part of the overall information governance infrastructure, a personal information management system (PIMS) which provides a framework for maintaining and improving compliance with data protection legislation and good practice.

The key piece of legislation in this area is The Data Protection Act 1998 (DPA) [1]. This implements a European Directive (95/46/EC) [2] and applies to “personal data”, which is defined in the DPA as information relating to identifiable living individuals. This British Standard uses the term “personal information” in place of the term “personal data”.

The DPA is regulated and enforced by the Information Commissioner, who is responsible for promoting the protection of personal information. The Information Commissioner promotes good practice by the issue of guidance, rules on eligible complaints, provides information to individuals and organizations and takes appropriate action when the law is broken. The Information Commissioner has powers to investigate complaints, make assessments as to whether processing is compliant with the DPA, and issue information and enforcement notices.

0.2 Data protection principles

The DPA requires “data controllers” to comply with eight data protection principles, summarized as follows 1), which require personal information to be:

1st principle – fairly and lawfully processed;
2nd principle – obtained only for specified purposes and not further processed in a manner incompatible with those purposes;
3rd principle – adequate, relevant and not excessive;
4th principle – accurate ……
……