ICO issues policy on data sharing

The Information Commissioner's Office (ICO) has published guidance for businesses on sharing data, following confusion about their responsibilities under the Data Protection Act.

The Information Commissioner's Office (ICO) has published guidance for businesses on sharing data, following confusion about their responsibilities under the Data Protection Act.

The paper, "Sharing Personal Information: Our Approach", outlines key issues the ICO expects firms to consider as best practice when exchanging data. These include conducting a risk-benefit analysis, having the means to validate and verify data, and making sure that both technical and organisational security measures are in place.

Iain Bourne, head of information sharing at the ICO, said his office had noticed an increase in calls from organisations questioning what data they could and could not share, how this should be administered without breaking laws, and what the ICO's expectations were.

"The growing use of IT in companies has fuelled information exchange and the number of questions we were receiving. Although the guidance is not prescriptive, it should make our expectations of companies clearer," said Bourne.

Stephen Alambritis, head of parliamentary affairs at the Federation of Small Businesses, said businesses understood the importance of protecting data, but were confused about the exact processes and procedures that needed to be in place.

"Larger companies devote entire departments to data protection, but in many smaller ones, it is left to the business owner who needs clear guidance," he said.

Business data protection: the expert view >>

Read the paper >>

The Federation of Small Businesses >>

Comment on this article: computer.weekly@rbi.co.uk

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close