If you have advanced knowledge in this area I would advise you not to spend money on this guide. However, it is an excellent guide for staff.
This is a very good ready reference for those not too sure what they should be doing when it comes to data protection legislation. There are frequent short case studies which help colour some of the explanations.
This is the second edition published by the BSI and has 16 chapters, listed below.
1. Introduction. Who must comply with the DPA, the rules, what personal information is protected by the law, when is an organisation processing personal information, data processors, who enforces the law.
2. Notification. Notifying the IC, consequences of failure to notify, what information is on the register and who has access, maintenance of notification, notification agencies.
3. Exemptions from notification. Processing for core business purposes, not-for-profit organisations, voluntary notification.
4. Collecting Personal Information. Collection, fair and lawful processing.
5. Using Personal Information. Using the information fairly.
6. Data Quality. Ensuring the quality of the information, Keeping information accurate/adequate & up to date, matter of opinion, correct at the time but now out of date, keep it relevant, do not collect excessive information, keep information no longer than necessary.
7. Disclosing and Sharing Personal Information. Making disclosures, other sharing, special rules for statutory bodies, FAQs, requests from third parties and private sector organisations.
8. Transferring Personal Information Overseas. Who is in the European Economic Area, what is meant by adequate protection, model contracts, binding corporate rules.
9. Using Information In Line With Individuals' Rights. The law and individuals' rights, right of access, right to object to direct marketing, processing that may cause distress or damage to an individual, rights in relation to automated decision-taking, challenges to accuracy through the courts, FAQs.
10. Employer and Employee Information. Using employee data, employment code of practice, staff training in data protection: their liability (and yours).
11. E-commerce. Data Protection Law and the internet, websites, Cookies/web bugs/other spyware, Email/SMS & MMS multimedia messages, payments over the web.
12. Operating a CCTV System. Basic rules, CCTV code of practice.
13. Security and Disposal of Personal Information. Security, outsourcing, disposal and destruction of personal information.
14. Sector-Specific Guidance For Using Personal Information. Accountants/solicitors/other professionals, consultants, independent financial advisors, credit brokers, private investigators & tracing agents, health professionals, schools, charities/churches/unincorporated not-for-profit organisations.
15. Maintaining Compliance. Accountability and responsibility, policies and procedures.
16. Contact with the Information Commissioner. Dealing with problems, contact from the IC, difference between enforcement and prosecution, who is liable, warrant to search premises, what happens if you are prosecuted, dealing with information complaints from individuals, changes to the IC powers.
The information provided is easy to follow and understand. I think this guide should be in every office where personal information is handled with all staff required to read it. It would be worth issuing to every employee handling such information.