The Information Commissioner has now launched a draft text for a new guide on Personal Information Online, with an opportunity to comment on the text over the next three months. It’s good to see that some of the issues I raised at a preparatory meeting have been included, so I’d encourage readers to have a look at the draft guide and provide their own comments.
The guide takes a pragmatic approach to problem areas of current legislation, for example by recognising the role of privacy-protecting identifiers and the paradox that using them can actually make it hard or impossible to fully satisfy the duty to provide subject access. The challenges around international transfers are helped by stressing that reducing risk to personal information matters more than trying to apply geographic borders to Internet business. There is further detail on cloud computing and outsourcing, and a checklist that organisations can use to assess the risks of these types of arrangement.
Presentations from the launch event are available, and Outlaw have a discussion of the main points raised.
