The data protection watchdog the Information Commissioner’s Office (ICO) has published its updated privacy impact assessments code of practice to help organisations respect people’s privacy when changing the way they handle people’s information.
The code explains the privacy issues that organisations should consider when planning projects that use personal information, including the need to consult, identify privacy risks and address these risks in the final project plan.
With a research study by the ICO last year showing that only 40 per cent of people believe that organisations handle their information in a fair and proper way, privacy impact assessments can be an important means of retaining consumer trust by showing that organisations are working to respect people’s privacy.
ICO Head of Policy, Steve Wood, said: “The development of projects involving the processing of large amounts of personal information is no longer the preserve of the public sector and large businesses. Today even an app developer can be developing a product in their bedroom that involves using thousands of people’s information.
“This is why we have published our updated privacy impact assessments code of practice to help organisations of all sizes ensure that the privacy risks associated with a project are identified and addressed at an early stage during a project’s development. The updated code is designed to ensure that privacy impact assessments fit into the project development process, allowing organisations to follow a privacy by design approach to developing new ways of using people’s information. Successfully adopting this approach can only be good for consumers and for business and can enable organisations to demonstrate their compliance with the Data Protection Act.”
The code publication follows an external consultation between August and November 2013. The watchdog adds that the consultation highlighted the need for the updated code to be flexible enough to apply to organisations of all sizes and for privacy impact assessments to fit into the project development process. These issues have been addressed in the updated guidance, the ICO says.
Organisations can find a more detailed analysis of how privacy impact assessments fit with project management and risk management methodologies in the research project report privacy impact assessment and risk management, prepared for the ICO by Trilateral Research and Consulting.
The ICO adds that it will be working with industry sectors to help organisations embed privacy impact assessments into their practices.
