BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

ICO Announces Revised Privacy Practice

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 5 Feb 2016 12:27:58 -0700
http://www.infosecurity-magazine.com/news/ico-announce-revised-privacy-notice/

The Information Commissioner’s Office (ICO) has announced a revision of its
Privacy notices code of practice for consultation, which includes an
eight-week review process where the ICO will listen to any feedback or
suggestions that are put forward before 24 March 2016.

According to an ICO blog, in revising its code of practice the ICO hopes to
make privacy notices more engaging and effective, emphasizing the
importance of giving individuals more control over how their personal data
is used.

Jo Pedder, Group Manager in the Policy Delivery department, ICO, writes:

“Individuals see a lengthy privacy notice and are instantly put off. That
is why the ICO is recommending a more blended approach. We think that using
a variety of techniques to provide privacy information is a more effective
way of engaging individuals. For example, a just in time message that
appears to tell you why your email address is needed when you are filling
out an online form will be more effective than having to click onto a
separate privacy notice or search for this information.”

The ICO’s code of practice has not been amended for several years, and with
digital advances such as smartphones, social networks and file sharing
continually changing how personal data is used this revision appears to
have come at the right time. Jo Pedder adds:

“We are all far more technology literate these days, and as a consequence
we know much more about how our data may be used. We therefore want to have
more control and choice over what can and can’t be done with our data.
Because of this, the code of practice provides advice to organizations
about how to integrate choice for individuals into their privacy notices.”

In an email to Infosecurity Jonathan Armstrong, Partner at Cordery,
discussed the current state of privacy engagement and the ICO’s decision to
revise its code of practice. He said:

“I think some organizations already look at the way they engage with
customers and employees - a good example would be Alan Carr's film for
Channel 4 on cookies. We have helped clients do this as you'll see from our
YouTube channel. A picture does paint a thousand words and a moving picture
can replace 10,000. Companies spend a lot of time knowing their customers
and their employees and need to take this learning to improve their
compliance and how they communicate what they do. Micro learning can be the
answer and the ICO is right to say organizations need to get ready for the
GDPR where this will become an increased area of focus.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.
Previous By Date Next
Previous By Thread Next

Current thread: