Privacy Statements
The Information Commissioner's Office (ICO) has issued a new Code of Practice on privacy notices to help businesses that collect personal information to produce more user-friendly ones.
The launch of the new Code follows consumer research conducted earlier this year which found that 71% of respondents did not properly read or understand privacy policies and 62% would prefer a more straightforward explanation of how their personal data would be used by organisations.
A good privacy notice should clearly state the entities that will be passed data (failure to mention group companies and other third parties to whom names and contact details will be passed for marketing purposes is a common mistake); provide a clear list of uses that will be made; and contain one or more correctly worded opt-in or opt-out notices linked to further sources of information.
Anyone who processes personal information must comply with eight principles, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection