
Information Commissioner's Office demystifies data protection

Thursday, November 26, 2009


Article published by ICO

The Information Commissioner's Office (ICO) has produced a new plain English Guide to Data Protection to provide businesses and organisations with practical advice about the Data Protection Act and dispel myths. The guide will help organisations safeguard personal data and comply with the law. The guide takes a straightforward look at the principles of the Data Protection Act and uses practical, business-based examples.

Christopher Graham, Information Commissioner, explained: "The Data Protection Act provides us all with important privacy rights and the vast majority of businesses and organisations understand their legal obligations to protect our personal details. However, there are still too many organisations playing fast and loose with personal data. Security breaches, inaccurate records and instances of data being held for too long are too common. This new guide will help organisations comply with the law and demystify data protection."

Stephen Alambritis, Head of Public Affairs at the Federation of Small Businesses, said: "Small businesses do not have time for pages and pages of jargon and gobbledegook, but getting data protection right makes good business sense. Data protection lapses cost reputations and can affect the bottom line. But, many organisations tell us that data protection law is difficult to understand. This new no-nonsense guide will help the business community to understand and comply with the law."

Sometimes organisations misinterpret the Act or hide behind it. Misunderstandings do occur and the ICO is aware of a number of data protection myths and duck outs.

The Data Protection Myths and the Data Protection Realities

  • Myth: It is illegal to take photographs of your children in their nativity play at school.
    Reality: The Data Protection Act does not prevent parents taking photographs of their children and friends participating in school events.
  • Myth: A postman refuses to deliver a parcel as it needs to be signed for by the recipient – a nine day old baby.
    Reality: The Data Protection Act does not prevent a parcel from being delivered to a nine day old baby.
  • Myth: The location of a tree could not be disclosed because of data protection.
    Reality: The Data Protection Act certainly does not prevent an organisation from disclosing the whereabouts of a tree! It is people, rather than trees, who have information rights under the Act.

The guide displays the Clear English Standard logo. Martin Cutts, research director of Plain Language Commission, which runs the Clear English Standard scheme, said: "Data protection can be complex because the law on it is often complex. This guide helps readers by slicing the subject into manageable chunks they can digest at their own pace."


Example from the Guide to Data Protection

A representative of a utility company calls at a property to cut off the electricity or gas. He finds that the property has been burgled and is not secure. The householder is out (and cannot be contacted). He therefore telephones the police. This is likely to involve disclosing the fact that the householder's electricity or gas is being cut off for non-payment. In such circumstances, it is reasonable to assume that, even if the householder may be embarrassed that others will know they have not paid their bills, they would be concerned about the burglary and about the protection of their property.

The Guide to Data Protection is being launched in London on 26 November 2009 by the Information Commissioner and can be downloaded from the ICO website at www.ico.gov.uk

To view more data protection myths visit: http://www.ico.gov.uk/upload/documents/library/data_protection/introductory/data_protection_myths_and_realities.pdf

Top tips for organisations

  • An organisation should say what it is going to do with personal information before individuals provide any details, unless this is obvious
  • Information should only be used for the reason for which it was collected in the first place
  • An organisation should not collect more information than is necessary
  • Information should be kept accurate and up to date – if an organisation is asked to make changes to a person's details, it should do this
  • An organisation should not keep personal information if it is no longer needed
  • An organisation must comply with requests to provide copies of information held on an individual - if asked
  • An organisation must keep personal information secure at all times
  • An organisation should not transfer personal details to another country unless adequate data protection arrangements are in place