Brand owners which share their customer data with other companies are being advised to “get a grip” on a new code of practice designed to ensure data is kept safely.
The rise of online transactions – from shopping to banking – has led the Information Commissioner’s Office to write a new code offering organisations practical advice on sharing data. The document looks at both regular data transfers and one-off events. It covers when data can be shared and how it should be protected.
The code, which replaces the previous framework code of practice, includes more case studies from both the public and private sectors.
Information Commissioner Christopher Graham promised the consultation period meant the advice would make sense in the real world and not just on paper, and although not legally binding, it can be admissible in subsequent court hearings.
Graham said: “Few would argue that sharing data can play an important role in providing an efficient service to consumers in both the public and private sector. More and more transactions are done online – from shopping and banking to managing tax and health records. People now have an expectation that, where appropriate and necessary, their personal details may be shared. However, this does not mean that companies or public bodies can do this just as they see fit. The public rightly wants to remain in control of who is using their information and why, and they need to feel confident that it is being kept safe.
“The code of practice we’ve issued today offers a best practice approach that can be applied in all sectors. It reflects the constructive comments we received during the consultation period, meaning that we can be confident that it not only makes sense on paper but will also work in the real world too. I’d encourage all businesses and public bodies that share personal data to get to grips with the code without delay so they can be sure they are getting it right.”