SCL has responded to the ICO’s consultation regarding its Conducting Privacy Impact Assessments Code of Practice, following a workshop meeting on 31 October 2013, attended by a number of SCL members – a mixture of private practice and in-house lawyers who work with data protection matters. The consultation workshop was chaired by Hazel Grant, Chair of the SCL Privacy and Data Protection Group and Partner, Bristows LLP.
The full SCL response (pdf) can be downloaded from the panel opposite. Many observations and views are reflected in the response on the Code on Privacy Impact Assessments (PIAs), often springing from its lack of flexibility and concerns over its public sector roots, included the following:
· where resources are limited, organisations are likely to focus on high level risks only and a full PIA, or even a documented PIA at all, may not always be appropriate
· the length and language of the code meant that it was not particularly accessible to all personnel across an organisation and privacy officers would have to ‘translate’ and condense it for broader use
· the code’s recommendation that PIAs be published and the practical consequences of this for private sector organisations were matters of concern – the requirement to publish could have the effect of deterring organisations from conducting PIAs
· the idea of engaging the general public in consultations in the course of PIAs was unrealistic as often the persons affected would be company employees
· examples of good (and bad) PIAs should be included in the Code to improve the understanding of how a PIA should look.
SCL is grateful to Hazel Grant for her sterling work in preparing the response and to Bristows for its generous hosting of the workshop.