ICO moves to raise data security profile

gallery

The Office of the Information Commissioner (ICO) has launched additional Data Protection Act (DPA) guidance designed to address a lack of awareness aboiut the regulation among smaller businesses revealed by survey results today.

Small-to-medium sized businesses (SMBs) have a much lower awareness of the principles of the DPA than larger organisations, according to new research commissioned by the ICO.

Although just over half of 813 SMBs questioned during August and September this year recognised the importance of keeping customers' personal information secure, only 22 per cent were aware of their obligations under the Act to keep customer information accurate and up-to-date.

Speaking at the Privacy and Data Protection conference this week Information Commissioner, Richard Thomas said: "In an age where the risk of identity fraud is increasing these findings are of considerable concern."

The research revealed most businesses (94 per cent) believe the Act is necessary. But Thomas warned SMBs that a lack of awareness of the business implications of the Act would not be sufficient excuse to avoid the consequences of non-compliance.

"The majority of businesses are complying with the Act but my Office will not, and does not, hesitate to take action against the few businesses which are failing to protect their customers' personal information effectively," he said.

In response, new guidance published by the ICO today sets out a framework for organisations that need to share people's personal information. The Framework Code of Practice for Sharing Personal Information explains how organisations can set up their own arrangements to ensure that, where personal information is shared, good practice is adopted. The ICO will endorse organisations' own Codes of Practice subject to the right to audit arrangements being in places.

The framework outlines factors, such as security, accuracy of information and retention periods and is designed to be flexible, enabling organisations to extract relevant content and integrate it into existing policies and systems, as well as to augment training practices.

Iain Bourne, head of data protection projects said: "There are risks to sharing personal information, especially as technology makes it easier to store large amounts of sensitive information about people's private lives. Information must be shared in a secure, lawful and responsible way in order to maintain public trust and confidence.

"I encourage organisations to use the framework to develop their own code of practice to support good information sharing while maintaining public trust and respecting personal privacy."

This framework is one of a series of short Good Practice Notes published by the ICO that are designed to help SMBs understand data protection. It is available for download on the ICO's website.

Email to a friend

Print this page