ICO’s Privacy Impact Assessments Code Published

February 25, 2014

On 25 February, the ICO published its updated privacy impact assessments code of practice ‘to help organisations respect people’s privacy when changing the way they handle people’s information’.

The Code explains the privacy issues that organisations should consider when planning projects that use personal information, including the need to consult with stakeholders, identify privacy risks and address these risks in the final project plan.

A research study carried out by the ICO last year showed that only 40% of people believe that organisations handle their information in a fair and proper way. Privacy impact assessments can therefore be an important means of retaining consumer trust, by showing that organisations are working to respect people’s privacy.

ICO Head of Policy, Steve Wood, said:

‘The development of projects involving the processing of large amounts of personal information is no longer the preserve of the public sector and large businesses. Today even an app developer can be developing a product in their bedroom that involves using thousands of people’s information. This is why we have published our updated privacy impact assessments code of practice to help organisations of all sizes ensure that the privacy risks associated with a project are identified and addressed at an early stage during a project’s development. The updated code is designed to ensure that privacy impact assessments fit into the project development process, allowing organisations to follow a privacy by design approach to developing new ways of using people’s information. Successfully adopting this approach can only be good for consumers and for business and can enable organisations to demonstrate their compliance with the Data Protection Act.’

The publication of the PIA Code follows an external consultation carried out with stakeholders between August and November 2013. The consultation highlighted the need for the updated code to be flexible enough to be applicable to organisations of all sizes and for privacy impact assessments to fit into the existing project development process.