Saturday, November 12, 2011

In-depth: Staying on the right side of the ICO



http://ow.ly/7riA2

An article by "Microscope Contributor" and provides comments by Liz Fitzsimons on the website microscope.co.uk.

The article states discusses UK regulations regarding personal information, "...Code of Practice recently published by the Information Commissioner's Office which offers guidelines on when data can be shared and how it should be protected."


The article further points out, "The Code also includes information on data sharing laws, advice on remaining transparent and avoiding common mistakes, and a summary checklist that can be used as a quick reference guide to sharing information.
The Code is published under s52 of the Data Protection Act 1998 and although it is not legally binding, it does add detail and guidance around how to interpret the 'bare minimum requirements' of the DPA in this area. The approach suggested by the Code is therefore recommended practice but, if not followed, data controllers - you, your business or someone controlling information on your behalf - are likely to face criticism and harsher sanctions if any DPA breach is considered by the ICO or the courts."

The article goes on to explain how and when the Code applies.  It is stated that, "The Code applies to the sharing of personal data between 'data controllers'. Data controllers are organisations that are in control of personal data and decide on the purposes and the manner in which it will be used."

It is further explained that, "Special rules will apply to sensitive personal data, such as on health, or confidential information, or other details the disclosure of which would be likely to cause damage or distress. Explicit consent to disclosure may be required in such cases. Where sharing personal information may involve it being sent to or viewed from outside the European Economic Area, special rules on data transfers will also have to be met."

There is also a further discussion regarding notification requirements to individuals that their data has been shared.  In addition, the author discusses lawful practices, as well as providing commentary regarding other practical concerns related to this topic.

No comments:

Post a Comment