ICO urges organisations to promise to do better on privacy

The ICO has launched the Personal Information Promise, which binds signatories to put privacy at the centre of their information policies and to do more than the law requires to protect people's privacy.

"Organisations are waking up to the fact that privacy is now so significant that lapses risk reputations and bottom lines," said Information Commissioner Richard Thomas. "What company wants inaccurate records on its customers? What public body can afford to take risks with sensitive personal details? I urge leaders across government, the public, private and third sectors to take a positive attitude to data protection."

The ICO said that 20 organisations, including Royal Mail, British Telecom and Vodafone, had signed up to the promise.

"Protecting people’s personal details should not be left to chance," said Thomas. "I urge all CEOs and their executive teams to take personal responsibility for treating data protection as a corporate governance issue affecting the whole organisation. They have to make sure that safeguarding the personal information of the customers and staff is embedded in their organisational culture."

The promise binds whoever signs it on behalf of their organisation to "go further than just the letter of the law when it comes to handling", and to "consider and address the privacy risks first when we are planning to use or hold personal information in new ways, such as when introducing new systems".

Information law expert Rosemary Jay of Pinsent Masons, the law firm behind OUT-LAW.COM, said that the promise is likely to be most effective when it forms part of wider activity aimed at increasing privacy.

"The question is when is this useful for an organisation, when does it add value to do this?" she said. "It adds value when it's part of a bigger commitment, when it's assimilated into a training programme or an audit of how the organisation behaves."

"At the end of that kind of process it would be a positive step to say that the organisation is in a position to sign up to this, it would be something owned by a business, not just a promise made by the boss," she said.

The ICO said that it had launched the promise because it believes that personal information is not treated as seriously by organisations as it should be.

The ICO also said that it had discovered that businesses were strong backers of data protection.

"New research, released today by the ICO, reveals that most organisations are strong  advocates of the Data Protection Act with 95% saying it is needed," said an ICO statement. "The figures, contained in the ICO’s annual tracking survey, highlight that adhering to the  Principles of the Act makes good business sense with 87% of organisations saying the Act improves customers’ trust."

The promise has been signed by some public authorities such as Belfast City Council and the NHS Information Centre, but not by central Government.