Nicola McKilligan and Naomi Powell
Peter Wheatcroft CEng FIET FBCS CITP FCMI
10 out of 10
The Data Protection Act (DPA) 1998 has been in force for some years, but until recently there hasn’t been an equivalent data protection standard or readable guidance notes to help organisations enact the DPA principles.
This year has seen the publication of BS10012:2009 and this pocket guide complements it. It is a second edition book with many new topics included since its first appearance and it contains copious references to the DPA as well as BS10012.
I started looking at the book in order to review it but ended up reading it cover-to-cover as it was packed full of interesting advice on ‘how to’ as well as ‘what to’ in relation to data protection.
It is unusual to find a reference book that is readable as well as being informative and this is both - it has been updated to reflect recent changes in the DPA and contains many interesting but brief case studies in each of its 16 chapters to underpin the advice provided.
The case studies are both topical and relevant - for example, the construction industry blacklist database is included - and chapter 2 offers a fascinating insight into the role of third party notification agencies. The advice provided is so clear that it’s worth the cover price for this chapter alone.
What I also learnt from this pocket guide is that subject access requests for disclosure of personal data don't have to reference the DPA itself, which isn't widely known and could help the individual. I also discovered more about the work of marketing preference services and marketing regulations covering the use of email, SMS and MMS (multimedia message service) on just two pages than from anywhere else.
The chapter covering transfer of data overseas is interesting and of relevance to anyone contemplating outsourcing or moving their business operations to a country outside the EEA (European Economic Area). Guidance is also provided on the collection and processing of information from social networking sites, the control of cookies when browsing websites, and the control of CCTV monitoring.
Overall, an excellent book that covers a lot of ground in just 124 pages and provides all you need to know to comply with the DPA and start considering whether you need certification to BS10012 or not.
Further information: BSI Group