The Information Commissioner's Office (ICO)
has published guidance for businesses on sharing data, following
confusion about their responsibilities under the
Data Protection Act.
The paper,
"
Sharing Personal Information: Our Approach", outlines key
issues the ICO expects firms to consider as best practice when
exchanging data. These include conducting a risk-benefit analysis,
having the means to validate and verify data, and making sure that
both technical and organisational security measures are in
place.
Iain Bourne, head of information sharing at the ICO, said his
office had noticed an increase in calls from organisations
questioning what data they could and could not share, how this
should be administered without breaking laws, and what the ICO's
expectations were.
"The growing use of IT in companies has fuelled information
exchange and the number of questions we were receiving. Although
the guidance is not prescriptive, it should make our expectations
of companies clearer," said Bourne.
Stephen Alambritis, head of parliamentary affairs at the
Federation of Small Businesses, said businesses understood the
importance of protecting data, but were confused about the exact
processes and procedures that needed to be in place.
"Larger companies devote entire departments to data protection,
but in many smaller ones, it is left to the business owner who
needs clear guidance," he said.
Business data protection: the expert view >>
Read the paper >>
The Federation of Small
Businesses >>
Comment on this article:
computer.weekly@rbi.co.uk