New Code of Practice on privacy notices


Date: 20 July 2009

Businesses will welcome new guidance from the Information Commissioner’s Office (ICO) on producing user-friendly privacy notices that comply with the law. Privacy notices set out how the information your organisation collects about someone – for example, because they complete a paper or online form - will be used.

Following a public consultation earlier this year, in the light of consumer research showing that half of consumers do not understand what they are signing up to when they fill in online and paper forms, the ICO has published a new Code of Practice that will help organisations provide more user-friendly privacy and marketing notices.

The guidance reminds businesses that personal information is required by law to be processed fairly, and a privacy notice should state:

  • the identity of the organisation in control of the processing;
  • the purpose or purposes for which the information will be processed; and
  • any further information necessary, in the specific circumstances, to enable the processing in respect of the individual to be fair.

In addition, the ICO has produced a checklist to help small businesses decide if they need to provide a privacy notice to their customers (eg where customers do not already know who they are or what they will do with personal information, including disclosing it to a third party).

  • Download the Code of Practice and small business checklist from the ICO website

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.