Information Commissioner publishes new Code of Practice on Privacy Notices (IP/IT newsletter, July 2009)

Following a period of consultation, the Information Commissioner has published a new Code of Practice on Privacy Notices to provide practical guidance and common-sense advice for all data controllers on privacy notices. Although the guidance is not mandatory, any organisation that processes personal data should consider the principles of the Code when preparing, reviewing or revising existing forms of privacy notices or policies.

Processing must be fair

To ensure fair processing of personal data, the Data Protection Act 1998 requires all data controllers to provide a form of privacy notice to people whose data they are collecting or using. Over time, some such notices have become complex legal documents that are not genuinely informative for the readers; the new Code of Practice sets out a more user-friendly approach.

The Code confirms the types of information which should be included to ensure that an individual is fully aware and informed of the use of his or her personal data. This includes:

• the purposes for which the personal data is being collected;
• whether the data will be transferred and if so to whom and whether it will be transferred abroad;
• whether replies to questions are mandatory or voluntary and the consequences of not providing the information; and
• whether the data gatherer will be carrying out any form of direct marketing and details of who to contact in relation to use of the information.

Code encourages best practice

In a new step, the Code includes practical advice on how to present the information in the notice. The essential message for data controllers is to ensure that the privacy notice is in plain English and avoids legal terms. The Code includes examples of good and bad practice and encourages the use of layering in an on-line context, i.e. where a short form is provided with a link to the full privacy notice.

Please click on the links below for the other articles in the July 2009 IP/IT newsletter

• Luxury brands take the stand in our review of recent trade mark cases
• At last! A decision on employee compensation for patented inventions
• Community Trade Marks are cheaper than ever - so it is still worth applying for national protection?
• Oasis fails to secure oasis.co.uk in controversial Nominet ruling
• Does the UK's implementation of EU privacy Directives show poor Phorm?

Contacts

Mark Lubbock
T: +44 (0)20 7638 1111
E: mark.lubbock@ashurst.com

Ian Starr
T: +44 (0)20 7638 1111
E: ian.starr@ashurst.com

This newsletter is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to. Readers should take legal advice before applying the information contained in this publication to specific issues or transactions.