The paper, "Sharing Personal Information: Our Approach", outlines key issues the ICO expects firms to consider as best practice when exchanging data. These include conducting a risk-benefit analysis, having the means to validate and verify data, and making sure that both technical and organisational security measures are in place.
Iain Bourne, head of information sharing at the ICO, said his office had noticed an increase in calls from organisations questioning what data they could and could not share, how this should be administered without breaking laws, and what the ICO's expectations were.
"The growing use of IT in companies has fuelled information exchange and the number of questions we were receiving. Although the guidance is not prescriptive, it should make our expectations of companies clearer," said Bourne.
Stephen Alambritis, head of parliamentary affairs at the Federation of Small Businesses, said businesses understood the importance of protecting data, but were confused about the exact processes and procedures that needed to be in place.
"Larger companies devote entire departments to data protection, but in many smaller ones, it is left to the business owner who needs clear guidance," he said.
Comment on this article: email@example.com