- ICO soon to publish a code for information sharing
- ICO consults on CCTV code
- EU opinion on ‘personal data’
1. ICO soon to publish a code for information sharing
The Information Commissioner’s Office yesterday launched a consultation on its new framework code of practice for sharing personal information. The office urges organisations to use this code as an example when producing their own codes.
The code, which is open for consultation until 1 October 2007, is intended to be flexible. It can be adopted as such, or organisations may wish to quote some of it and integrate this material into existing policies and systems. The framework code can also be used as a checklist to evaluate current procedures.
Iain Bourne, Head of Data Protection Projects at the ICO, said: “Good practice in this area is of paramount importance. The framework code of Practice aims to help establish good practice when sharing personal information, whether it is being shared with another organisation or between different departments within the same organisation. It should also help to reduce the uncertainty that can surround information-sharing.”
The framework code of Practice for Sharing Personal Information is available at: http://www.ico.gov.uk/Home/about_us/consultations/our_consultations.aspx
2. ICO consults on CCTV code
The Information Commissioner is currently consulting on its new CCTV Draft Code of Practice. The Code is aimed at businesses and organisations that routinely use CCTV to capture images of individuals. Most uses of CCTV are covered by the Data Protection Act and the provisions of this code. There is also guidance for those whose use of CCTV is very limited, and for those who monitor their employees.
The draft code states that CCTV must not be used to record conversations between members of the public. According to the draft code, this action is ‘highly intrusive and unlikely to be justified’. If a CCTV system is equipped with a sound recording facility, it should always be turned off or disabled.
The draft also addresses requests made under the UK and Scottish Freedom of Information Acts. If the requested images are of the requester himself/herself, that information is exempt from the FOIA/FOISA, and should be treated as a data protection subject access
request. If the images are of other people, and they can be identified from the images, it is personal data and cannot be released.
The Consultation opened on 2 August and closes on 31 October 2007. A form for submitting comments is available on the ICO website http://www.ico.gov.uk.
The consultation document is available at http://www.ico.gov.uk/
3. ICO publishes guidance on bankruptcy
The EU Art. 29 Data Protection Working Party has recently issued an opinion on the interpretation of ‘personal data’.
The opinion analyses how the four aspects of the ‘personal data’ concept – ie “any information relating to an identified or identifiable natural person” – should be understood.
The Working Party gives “any information” a broad interpretation. The group says that the concept of personal data includes information available in whatever form – for example sound and image data qualify. The Working Party points out that it is not always self-evident that information "relates" to an individual. In some situations, the information conveyed by the data concerns objects in the first instance, and not individuals, for example a car service record can be linked to the owner at the time of billing.
Regarding the term “identified or identifiable”, the Working Party says that both direct and indirect identification should be considered. The Working Party also states that although the Directive applies to “natural persons”, dead persons, unborn children and legal persons could be included in certain cases.
The UK Information Commissioner said at the PL&B 20th Annual International Conference in July that his office is working on guidance on this matter. He was confident that advice can be given in line with the Working Party’s opinion, regardless of the Court of Appeal’s decision in Durant v Financial Services Authority (PL&B UK Newsletter February 2004 pp. 12-13), which contains a restrictive interpretation of ‘personal data’.
The Working Party’s opinion, adopted on 20 June 2007, can be accessed at
For further details on the Privacy Laws & Business UK Newsletter, please click here.
Copyright Privacy Laws & Business 2007