The Information Commissioner’s Office has launched new guidelines for ensuring the privacy of personal information online.
In the new document, Personal information online code of practice, the ICO encourages organisations to be transparent about how they will use consumers’ personal information, to avoid the risk of being penalised by the regulator. The code is based on the Data Protection Act 1998.
Christopher Graham, the Information Commissioner, said: “Get privacy right and you will retain the trust and confidence of your customers and users; mislead consumers or collect information you don’t need and you are likely to diminish customer trust and face enforcement action from the ICO.”
The code of practice details eight principles by which anyone who processes personal information must comply. These include making sure that personal information is accurate and up to date, not kept for longer than is necessary, secure and not transferred to other countries without adequate protection.
Personal information should also be fairly and lawfully processed, and should be adequate, relevant and not excessive, which means only collecting personal data that is needed and in a timely manner.
As well as providing information for organisations processing personal information, Graham advised consumers to take care with their personal information.
“Individuals can take control by checking their privacy settings and being careful about the amount of personal details they post to social networking sites and elsewhere online.”
Firms can access the new code of practice here.