Personal information online

More and more people are conducting their personal affairs online. Online shopping, social networking, job hunting and the ability to carry out ‘official’ functions, such as renewing car tax or contacting local councils and government departments online, are now an everyday part of life.

The code explains how the Data Protection Act applies to the collection and use of personal data online. It provides good practice advice for organisations that do business or provide services online. It was launched in July 2010 following an extensive consultation process.

The code explains the privacy risks that may arise when operating online, and suggests ways for organisations to deal with them. It stresses the importance of treating consumers’ information properly, and being transparent about how their information is used.

The code covers topics including online marketing, operating internationally, and applying individuals’ rights in an online environment. It applies equally to the public and private sectors.

On 26 May 2011 the rules on using cookies changed. This guidance reflects the law before that date. Our advice on the new cookies law sets out the changes and explains what steps you need to take now to ensure you comply.

If you run a small business with an online presence, this checklist will help you to adopt best practice when processing your customers’ information.

Protecting personal data in online services

This report identifies eight of the most common IT security vulnerabilities that have resulted in organisations failing to keep people’s information secure.

The flaws were identified during the ICO’s investigations into data breaches caused by poor IT security practices. Many of these incidents have led to serious security breaches resulting in the ICO issuing monetary penalties totalling almost a million pounds.

Your questions answered – video

Simon Rice, Group Manager for our Technology team, answers questions sent to us via Twitter and our WordPress blog about the report.

Mobile apps

As with any other business or project, developers of applications for mobile devices need to comply with the Data Protection Act.

A typical mobile ecosystem contains many different components, including mobile devices themselves, their operating systems, plus apps provided through an app store. In many ways these are simply developments of earlier concepts that have been used on less portable computer hardware for years, but the mobile environment has some particular features that make privacy a pressing concern.

In light of these features, this guidance has been produced to help app developers comply with the Data Protection Act 1998 and ensure users' privacy.

Wi-Fi analytics

Monitoring individuals through the use of Wi-Fi analytics can be a privacy-intrusive activity unless specific actions are taken. This guidance has been developed to explain these risks and give advice to organisations considering the use of the technology.