Information policy formation (replaces "Data protection")
SFIA 3: Definition
The development and implementation of policies, procedures, working practices and training to comply with the requirements of legislation regulating the holding, use and disclosure of personal information such as, in the UK, the Data Protection Act, Computer Misuse Act, Freedom of Information Act.
Proposed for SFIA 4.0:
The development of policies, procedures, working practices and training to promote compliance with legislation and other regulations regarding the holding, use and disclosure of information, including, in the UK, the Data Protection Act, Computer Misuse Act, and Freedom of Information Act.
DPRO
Posted by dcflint at 2008-07-24 10:15 AM
The skills needed to develop policies, procedures, etc, to comply with laws about personal information aren't very different from those needed to comply with other IT-related laws. We should recognise this by broadening the definition in the way proposed by the IM group.
However, there's a big difference between writing policies and procedures and implementing them. The first is a somewhat abstract, even intellectual, activity requiring knowledge of law and the ability to write rules that will apply in a variety of contexts - some unforeseeable. The second is much more practical and is arguably just the activity of management. Therefore we should focus this skill on the former, leaving implementation to managers and system designers, developers, etc.
The development of policies, procedures, working practices and training to comply with the requirements of legislation and other regulations regarding the holding, use and disclosure of information both:
• Explicitly, eg, in the UK, the Data Protection Act, Computer Misuse Act, Freedom of Information Act, and laws on the retention of records and
• Implicitly, eg legislation on tax documents, bank ‘books’ and public records.