Graham appealed to organisations to be honest with consumers about why personal information is collected and how it will be used.
"Get privacy right and you will retain the trust and confidence of your customers and users", he told the Privacy Laws and Business conference in Cambridge.
Organisations that mislead consumers or collect information they do not need are likely to diminish customer trust, he said.
Such actions will also risk enforcement action from the Information Commissioner's Office (ICO).
Organisations that adhere to the good practice set out in the new code will enable consumers to make an informed choice about whether they sign up for a particular online service, said Graham.
"Keeping out of date records or not holding personal information securely helps nobody and could result in enforcement action", he said.
Graham called on organisations to be transparent so that consumers can make online privacy choices and see how their information will be used.
Individuals should take control by checking their privacy settings and being careful about the amount of personal details they post to social networking sites and elsewhere online, he said.
The ICO has also published a guide for small business and consumers.
ICO guidance: organisations must ensure information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
This story was first published by Computer Weekly