ICO to endorse 'privacy seals' schemes

Out-Law News | 04 Sep 2014 | 10:12 am | 1 min. read

Businesses operating in the UK will be able to obtain certification that they maintain "good privacy standards" under at least one new 'privacy seal scheme' that is to be endorsed by the country's data protection watchdog.

The Information Commissioner's Office (ICO) has launched a consultation on establishing criteria for prospective privacy seals schemes (12-page / 228KB PDF) that wish to obtain ICO endorsement. Privacy seals schemes afford businesses the chance to obtain a "stamp of approval" for their privacy practices, it said.

The ICO confirmed that a number of privacy seals schemes could be operational with its endorsement some time in 2016. Individual schemes could be sector-specific or have cross-sector scope, it said, but must be new, relate to personal data processing in the UK, be "consumer facing" and focus on "a particular product, process or service". In addition, scheme operators must be able to demonstrate that there is a case for a privacy certification scheme in its target area to stand a chance of ICO endorsement, according to the watchdog's plans.

However, the ICO said that it would only endorse schemes that make it a requirement for member organisations to "self-report serious or recurring data breaches" to it.

Only privacy seal schemes that contain mechanisms for either monitoring, auditing or reviewing organisations' compliance with the certification standards will qualify for potential ICO endorsement, under other draft criteria the ICO has outlined.

The ICO said the privacy seals schemes it will endorse will be operated by independent bodies and that those bodies would need to gain official accreditation from the UK Accreditation Service (UKAS) to win its endorsement. It said it will "participate in the UKAS accreditation process by offering technical expertise and advice to UKAS".

"The ICO will endorse at least one scheme for a minimum of three years and will review all endorsed schemes in the final year," the ICO said in its draft framework criteria consultation. "The review will examine whether the scheme continues to meet the framework criteria and whether the scheme operator has maintained its UKAS accreditation. The ICO will continue to endorse the scheme providing these conditions are met and there are no other factors that make the scheme unviable or mean endorsement from the ICO would be inappropriate."

The ICO's consultation closes on 3 October.