The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Privacy notices

Correctly collecting and handling information about people lies at the heart of data protection. For this reason we have issued a range of guidance for organisations on how to draft clear and genuinely informative privacy notices for people.

This guidance has been highly commended at the Nominet Internet Awards 2010. The awards promote UK internet best practice, and are aimed at organisations who help make the Internet a secure, open, accessible experience for everyone who uses it.

Privacy notices code of practice

The privacy notices code of practice was launched on 12 June 2009 following a period of public consultation.

This code explains that the duty to actively communicate a privacy notice is strongest where the intended use of the information will be unexpected or objectionable, or where the information is confidential or particularly sensitive. It also explains that there is little value in informing people of obvious uses of their information.

The code of practice will help you to comply with one of the most important but most misunderstood parts of the Data Protection Act 1998 (DPA). The Information Commissioner’s Office will take these standards into account when, for example, we receive a complaint that information has been collected in an unreasonable way.

Small business checklist

We have produced a leaflet specifically for small businesses. If you run a small business, this leaflet will help you decide if you need to provide a privacy notice to your customers and gives advice on how to write one.

Collecting people’s information

View examples of good and bad practice in collecting personal information. (Cookies info: playing YouTube videos sets a cookie. For more information, see our privacy notice.)


Privacy notices part 1: Street scene


View our tips on text message marketing

Good practice

Here is an example of a message with good practice applied. All marketing messages should include the sender's identity, contact details and instructions about how to opt out.

Here is an example of a message with good practice applied. All marketing messages should include the sender's identity, contact details and instructions about how to opt out.

 

Bad practice

 
Here is an example of a message with bad practice applied. No name or contact details are present, there is no opt out facility, and there are hidden charges for people that respond to the message.

 Here is an example of a message with bad practice applied. No name or contact details are present, there is no opt out facility, and there are hidden charges for people that respond to the message.