- New notification fees from October
- New Privacy Notices Code of Practice
- New Privacy Impact Assessment handbook now available
- Government commits to encryption
1. New notification fees from October
Notification fee regulations, laid before Parliament on Monday 6 July, will change the notification fee for large organisations from £35 to £500. Any private sector organisation with more than 250 staff and a turnover over £25.9 million falls into this category. Small and medium sized organisations as well as charities will continue to pay the current notification fee of £35.
For the public sector, the monetary criterion does not apply.
The changes, if approved as proposed, will enter into force on 1st October 2009.
The ICO’s new fining powers as per the Criminal Justice and Immigration Act 2008 are expected to apply from early 2010.
More about the new fees, ICO’s fining power and audits in the August issue of PL&B UK.
2. New Privacy Notices Code of Practice
This new privacy notices code from the ICO, published on 12 June, advises organisations to write privacy notices in plain English and to communicate them actively. The ICO says that if the person concerned would be surprised by your use of their personal information, then you should take steps to send a letter, read out a script or distribute an email explaining exactly how their personal details will be used. The code includes examples of good and bad privacy notices, and advises how to create layered notices.
3. New Privacy Impact Assessment handbook now available
The ICO published the second version of its Privacy Impact Assessment (PIA) Handbook in June. The handbook guides organisations through a PIA, which is a tool for assessing the privacy risks of a new project or programme before it starts. By addressing privacy concerns at an early stage, organisations can save time and money.
4. Government commits to encryption
In its response to the House of Lords enquiry into surveillance, the government has specified the requirements for the public sector to use encryption. The government says that encryption to a standard of at least FIPS 140-2 or equivalent must be employed in the following circumstances:
- secure remote access over the Internet
- secure transfer of information to a remote computer on a secure site
- where data is transferred via removable media, including laptops, removable discs, CDs, USB memory sticks, PDAs and media card formats.
The response, published 13 May, is available at http://www.parliament.uk/documents/upload/GovernmentResponseSurveillance.pdf
A full report on the Lords enquiry and the Government’s response to it will be published in the August issue of PL&B UK.
Copyright Privacy Laws & Business 2009