Data Protection Act

Howard Lake | 25 July 2008 | Blogs

I missed out on the last event Data Protection Act event organised by the Institute of Fundraising, and will try to make the next one.
In July 2008 the Information Commissioner’s Office (ICO) served enforcement notices against HM Revenue and Customs and the Ministry of Defence. The HMRC had lost two compact discs containing the personal data of up to 25 million individuals and somebody managed to steal a Royal Navy recruiter’s laptop computer containing personal data of approximately 600,000 recruits or potential recruits. If government departments can’t implement their own rules, I wonder how the rest of us are doing.
I have just received the latest newsletter from the ICO, and note that the ICO is “about to start work on a code of practice dealing with all aspects of collecting information about people”. “The code will address issues such as drafting privacy notices, standards of explanation for individuals and the issues that arise when collecting information about groups such as children”. I recently deleted an attachment that someone had emailed me, because it contained information on the health of a child, as well as information on the nationality of a potential prospect.
The ICO is keen to illustrate this work with examples drawn from real life. If you have examples of “innovative, genuinely informative or otherwise appealing ways of explaining the collection of personal information”, please send them to the ICO. It is also keen to see examples of bad practice – “the overly legalistic, the counter-intuitive or the downright deceptive”.
If you would like to be part of a small critical reader and consultation group or if you have any examples please contact shona.ritchie@ico.gsi.gov.uk
Any takers?
See you at a future Data Protection Act event?