Data Protection Act Privacy Notices: What Are They?
In response to concerns about confusing Privacy Notices, the Information Commissioners Office has recently launched a Privacy Notices Code of Practice which is designed to help organisations provide people with easier to understand privacy and marketing notices.
The ICO was concerned that many privacy notices that were found on consumer documents could be confusing, and that they seemed to be there to protect business organisations rather than inform people about their rights.
What is a Privacy Notice?
A privacy notice is the notice that you’ll find on most forms, even websites that tells you how any information that you give the company collecting that data will be used. These privacy notices are required by the Data Protection Act.The Data Protection Act states that any organisation or company which holds personal information about its customers must issue a privacy notice which guarantees that the information it is given will not be released, either for public consumption or personal gain. If your information is released, you have the right to sue the organisation that released it under the Data Protection Act rules.
Under the Data Protection Act, anyone who processes personal information must comply with eight principles, which make sure that personal information is:
- "Fairly and lawfully processed"
- "Processed for limited purposes"
- "Adequate, relevant and not excessive"
- "Accurate and up to date"
- "Not kept for longer than is necessary"
- "Processed in line with your rights"
- "Secure"
- "Not transferred to other countries without adequate protection."
Comments from The Information Commissioner’s Office
In 2006, a report from the global Organisation for Economic Co-operation and Development said that it thought that privacy notices needed to be short, simple and usable, to make it easier for consumers to understand them, and to compare the practices of different organisations they might be giving their personal information to. The ICO agreed, and in 2009 also called for privacy notices to be updates and made simpler, after a survey of consumers revealed that half of us don’t actually understand what they mean, and consequently don’t realise what we are agreeing to when we fill in forms online or on paper.
Iain Bourne, who is Head of Data Projects at the ICO, said at the time:
“The new Code of Practice places the emphasis on language to ensure privacy notices are understandable to the people they are aimed at. Organisations must use personal information in a way people would expect.
“Individuals must also empower themselves by ensuring they understand exactly what they’re agreeing to when filling in online or paper forms. The Code of Practice will help businesses to develop a higher level of trust and a better relationship with the people they collect information about. There is also a leaflet for members of the public, telling them what they can expect and what to do if their information is misused.”
The ICO carried out a consultation on a draft code of practice for privacy notices, over a period of three months, and is now working on the formal code, which is intended to make the privacy notice easier to understand and end the culture of confusion which surrounds form filling and the release of personal information under the Data Protection Act.
Keeping Your Information Private
One way of reducing the amount of information that marketing companies hold about you is to register with one of the 'preference services' which means that they should take your details off of all their mailing lists.The Mailing Preference Service: http://www.mpsonline.org.uk/mpsr/
Also, where there is an option on an online order form (or in any catalogue of brochure) to request that the organisation doesn't use the details you give them to contact you or pass on to any other organisation, make sure that you opt for this.
