The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Privacy by design

Privacy by Design is an approach whereby privacy and data protection compliance is designed into systems holding information right from the start, rather than being bolted on afterwards or ignored, as has too often been the case.

In November 2008 we launched our Privacy by Design report.

Our Privacy by Design implementation plan identifies themes and action points arising from the report, summarised below.

Planning for Privacy by Design

Organisations are not always considering or addressing privacy concerns throughout their systems’ lifecycle. Performing privacy impact assessments, managing privacy risks and promoting greater transparency can address this.

Engaging Executive Management

When executive managers do not recognise their responsibility to protect individuals’ privacy, the result can be a lack of suitable privacy investment; commercial risks and benefits that are at times unclear can have the same effect. ICO initiatives to combat this include:

Developing Practical Privacy Standards

There has been a lack of uniform privacy standards, especially at international level, which is now beginning to change. The ICO works with data protection authorities, standards organisations, and government and industry bodies internationally to advise on, discuss and develop new practical privacy standards.

Good Practice and Guidance

The ICO has a range of guidance and practical advice for organisations and individuals. Our Data Protection Strategy explains our approach to minimising data protection risk.


The study on the use of privacy impact assessments around the world was developed for the Information Commissioner by an international team of experts coordinated by the University of Loughborough. This is groundbreaking work and has provoked much interest, with some government departments already wanting to use it.