The latest Code of Practice from the ICO is the Personal information online code of practice. The Code, issued under s 51 of the Data Protection Act 1998 is the Information Commissioner’s interpretation of what the DPA requires when personal data is collected and used online. The Code states that it ‘gives advice on good practice, but compliance with our recommendations is not mandatory where they go beyond the strict requirements of the Act. The code itself does not have the force of law, as it is the DPA that places legally enforceable obligations on organisations.’
Launching the Code, Christopher Graham, the Information Commissioner, said:
‘The benefits of the internet age are clear: the chance to make more contacts, quicker transactions and greater convenience. But there are risks too. A record of our online activity can reveal our most personal interests. Get privacy right and you will retain the trust and confidence of your customers and users; mislead consumers or collect information you don’t need and you are likely to diminish customer trust and face enforcement action from the ICO.’
He added: ‘Organisations must be transparent so that consumers can make online privacy choices and see how their information will be used. Individuals can take control by checking their privacy settings and being careful about the amount of personal details they post to social networking sites and elsewhere online.’
The new Code is available as an ebook here