The Information Commissioner’s Office (ICO) has announced a revision of its Privacy notices code of practice for consultation, which includes an eight-week review process where the ICO will listen to any feedback or suggestions that are put forward before 24 March 2016.
According to an ICO blog, in revising its code of practice the ICO hopes to make privacy notices more engaging and effective, emphasizing the importance of giving individuals more control over how their personal data is used.
Jo Pedder, Group Manager in the Policy Delivery department, ICO, writes:
“Individuals see a lengthy privacy notice and are instantly put off. That is why the ICO is recommending a more blended approach. We think that using a variety of techniques to provide privacy information is a more effective way of engaging individuals. For example, a just in time message that appears to tell you why your email address is needed when you are filling out an online form will be more effective than having to click onto a separate privacy notice or search for this information.”
The ICO’s code of practice has not been amended for several years, and with digital advances such as smartphones, social networks and file sharing continually changing how personal data is used this revision appears to have come at the right time. Jo Pedder adds:
“We are all far more technology literate these days, and as a consequence we know much more about how our data may be used. We therefore want to have more control and choice over what can and can’t be done with our data. Because of this, the code of practice provides advice to organizations about how to integrate choice for individuals into their privacy notices.”
In an email to Infosecurity Jonathan Armstrong, Partner at Cordery, discussed the current state of privacy engagement and the ICO’s decision to revise its code of practice. He said:
“I think some organizations already look at the way they engage with customers and employees - a good example would be Alan Carr's film for Channel 4 on cookies. We have helped clients do this as you'll see from our YouTube channel. A picture does paint a thousand words and a moving picture can replace 10,000. Companies spend a lot of time knowing their customers and their employees and need to take this learning to improve their compliance and how they communicate what they do. Micro learning can be the answer and the ICO is right to say organizations need to get ready for the GDPR where this will become an increased area of focus.”