ICO issues draft guidelines for personal information online

By Ron Condon, U.K. Bureau Chief 14 Dec 2009 | SearchSecurity.co.UK

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

More than a decade since the current version of the Data Protection Act came into force, organisations still struggle with compliance. And as more companies gather personal information online as part of their everyday work, the requirements of the DPA can seem even harder to follow.

More help for Data Protection Act compliance Learn about a privacy template that can used for DPA compliance purporses.

For this reason, the Information Commissioner's Office (ICO) has issued new guidelines to help organisations with their treatment of personal information online. The ICO guidelines, which are complete and ready for use, are being published as part of a consultation exercise that ends on March 5. Organisations and individuals can comment on them, and the recommendations will be further refined if necessary.

"The Internet offers great possibilities for convenience and for new experiences, but it can also present risks. A record of our online activity can reveal our most personal interests. This code explains the privacy risks that can arise, and suggests ways of dealing with them by adopting good practice," the ICO said in the introduction of its Personal Information Online Code of Practice.

"This code sets out clear, comprehensive recommendations for handling personal data properly and for giving individuals the right degree of choice and control over it. It should also help all organisations with an online presence to negotiate areas of legal uncertainty by adopting good practice."

According to the ICO, companies that follow the code, will not only generate greater trust among customers, but they will also reduce the risk of queries, complaints and disputes about their use of personal data.

Personal Information Online Code of Practice For more information, view the guidelines: Personal Information Online Code of Practice.

The code can be used as a checklist to evaluate and improve current procedures, or to make sure a new online service is delivered in a privacy-friendly way.

The code aims to clarify a range of areas of confusion, for instance, who is the data controller where information is collected online, special responsibilities when collecting data from vulnerable people, and the rules governing personal information that is transferred outside the U.K.

But there are still some areas of confusion that will need to be clarified, according to Louise Townsend, a privacy law expert at the London-based law firm Pinsent Masons LLP.

"I think it is a high-level view and addresses a lot of the frequently asked questions that the ICO gets asked," she said in statement. "It gives an overview and has a lot of links to some of the more technical guidance."

In particular, she identified the area of behavioural advertising and what activity is and is not legal, and suggested that organisations might need to receive more concrete advice.

"I think companies should bear in mind that this is a consultation, so if they want more clarity, then this is the time to say that, rather than in a few months' time," she said.

Tags: Compliance Regulation and Standard Requirements,  IT Security Frameworks and Standards,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Compliance Regulation and Standard Requirements Zurich Insurance breach payment: Data breach fine highest on record Employee security training for Data Protection Act compliance How to meet the PCI DSS compliance deadline on an IT security budget Mobile digital pad/pen helps secure patient data collection PCI compliance UK: The future of European merchant PCI compliance ISO 27001 SoA: Creating an information security policy document Ministry of Justice asks for input on UK privacy laws Exclusive PCI DSS news: EU regional director rallies UK merchants PCI PTS: Understanding PCI PIN security requirements PCI call centre: Understanding PCI DSS call recording requirements IT Security Frameworks and Standards ISACA issues mobile smartphone security policy guidance How to meet the PCI DSS compliance deadline on an IT security budget PCI compliance UK: The future of European merchant PCI compliance ISO 27001 SoA: Creating an information security policy document Panel advocates need for cloud computing data security standard Exclusive PCI DSS news: EU regional director rallies UK merchants Jericho Forum: Self-assessment guide How to develop a culture of security in the enterprise Using ICO privacy impact assessment template for DPA compliance The elements of a compliance-oriented architecture

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Basel II  (SearchSecurityUK.com) Code of Connection (CoCo)  (SearchSecurityUK.com) EU Data Protection Directive  (SearchSecurityUK.com) Financial Services Authority  (SearchSecurityUK.com) IFRS (International Financial Reporting Standards)  (SearchSecurityUK.com) UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary