CBI survey of attitudes to data protection
The Confederation of British Industry, which represents UK businesses, has launched a survey of business people's perceptions and experiences of data protection legislation. The survey can be accessed here.
The ICO urges any business people with an interest in the future of data protection to take part in the survey. Its findings will feed into ICO’s own work on reviewing the European Data Protection Directive.
The survey closes on 24 November 2008. Any enquiries about it should be sent to dataprotectionsurvey@cbi.org.uk.
Privacy By Design
The ICO has commissioned the Enterprise Privacy Group to undertake a project aimed at promoting ‘privacy by design’. Despite more than 20 years of data protection legislation in the UK and efforts to encourage the adoption of privacy friendly technologies and ways of working, progress has been disappointing and data protection and privacy safeguards are often bolted on as inadequate afterthoughts rather than built into new developments from first principles.
With the current drive for increased information sharing, large centralised databases and increasing use of biometrics, the ICO sees the concepts at the heart of ‘privacy by design’ as helping ensure that essential safeguards against potential unwarranted risks to individuals' information and privacy are put in place in new developments. The ICO wants to try to help bridge the current gap in both the public and private sectors.
The project will culminate in a short report setting out the privacy by design concept and mentioning some of the privacy enhancing technologies and working methods that already exist. The report will concentrate on why there have not been better levels of adoption; the barriers to this and what can be done to improve the situation.
The ICO will publish the completed report at a conference it is organising entitled ‘Privacy by Design’. The free to attend conference will be held at the Lowry Hotel Manchester on the 26 November 2008. Further details about the project and how to participate in the work can be found on the privacy by design website.
Notifications payment research
It is being considered that the charging regime for data controllers notifying with the ICO will be revised. In February 2008 a research project conducted amongst data controllers was commissioned to provide information to help inform how the revised charging regime could be applied.
SMSR Ltd was commissioned to undertake the study on behalf of the ICO. SMSR Ltd is an independent market research company based in Hull which adheres to the Market Research Society’s Code of Conduct.
Notifications payment research report
New Approaches to Identity Management and Privacy
The collection and storage of large amounts of personal information in databases, as well as the possible sharing of that information amongst different organisations, leads to increased risks for individuals. The more information that is held and/or shared, the greater the potential impact on an individual were that information to be lost or stolen.
Identity management – the use of personal information in order to adequately identify an individual who is trying to access your products or services – is an important tool as it not only protects organisations through ensuring that the right person is accessing the right services but can also be a way of helping to protect individuals from the risks that large databases and increased information sharing bring through giving some control and choice back to the individual.
Traditionally, identity management has centred on allocating a single identifier to an individual and putting all the information about them in a database. However, there are other identity management techniques which can reduce the risk posed by putting information all together in one collection or using a single, common identifier.
This paper was commissioned by the ICO from experts with experience of the different identity management techniques in order to describe the different solutions available which can bring protection to individuals and the situations in which these solutions can be appropriately applied. Different identity management techniques will be applicable in different situations. The purpose of this paper is to help inform those working in this area of the alternative forms of identity management techniques that are available and which can help to protect privacy.
Whilst the paper was commissioned by the ICO, it is aimed at broadening the understanding of the identity management techniques available rather than the Commissioner advocating a particular technique in all circumstances.
View the full findings
UK consumers wake up to privacy
The ICO commissioned a survey of 1,000 individuals into their attitude towards personal information and how it is held by organistions following the recent high profile data loss by HMRC. The research was conducted by ICM in February 2008.
View the full findings
Stakeholder perception study
A commitment of the stakeholder relations strategy, launched in 2007 is to track progress of our actions. As a result a survey was undertaken in March 2008 to measure perceptions of the ICO amongst key stakeholders.
The stakeholder perception study involved stakeholders which have a high interest in what we do and can have a high influence on ICO, data protection and freedom of information issues.
The research was conducted on behalf of the ICO by Jigsaw Research and Critical Research, both independent market research agencies based in London.
Stakeholder perception study: research report
Privacy Impact Assessment Project
The ICO commissioned a study into the use of Privacy Impact Assessments (PIAs) around the world. Coordinated by the University of Loughborough, this groundbreaking work looked at the use of PIAs in other countries, identified the lessons to be learned from their experiences and developed a PIA methodology for use in the UK.
Privacy Impact Assessments: international study of their application and effects
Appendix A - Framework for analysis
Appendix B - List of interviewees, by jurisdiction, agency and organisation type
Appendix C - Jurisdictional report for Canada
Appendix D - Jurisdictional report for the United States of America
Appendix E - Jurisdictional report for Australia
Appendix F - Jurisdictional report for New Zealand
Appendix G - Jurisdictional report for Hong Kong
Appendix H - Broad jurisdictional report for the European Union
Appendix I - PIA templates and guides by jurisdiction
Surveillance society: qualitative research report
The ICO commissioned a qualitative research study in September 2007 to explore the public’s true concerns about surveillance which involves the gathering, recording, processing, monitoring, analysing, sorting and flow of personal information, movements, lifestyle habits and behaviours.
Public opinion was sought on what individuals consider the effect of surveillance to be on their privacy, society, levels of choice, power and empowerment and what safeguards they feel are necessary to control any perceived risks.
The results of the study will contribute to the public debate on the surveillance society and are being presented at the ‘Surveillance Society: Turning Debate into Action’ conference the ICO is hosting on 11 December 2007.
A Surveillance Society: Summary of research
A Surveillance Society: Full research report
Publications research
The ICO has conducted research to obtain feedback on a selection of its publications amongst individuals and organisations. The publications which feedback has been obtained on are:
-
Lights are on DVD;
-
Credit explained; and
-
Personal information toolkit.
The findings overall were very positive, and useful feedback was obtained for improving future ICO publications.
View the full findings
Research into young people’s views, and use of social networking sites
The ICO has commissioned a survey of 2,000 14-21 year olds into their views, and use of social networking sites. The research was conducted by Dubit in October 2007.
Data Protection Topline Report
Surveillance society project
' Are we sleepwalking into a surveillance society? The threats to individuals and the challenges for data protection authorities '
This report details the state of development of the surveillance society taking account of the increasing amount of personal information collected about individuals as they go about their daily lives, how this is being used and the privacy risks that may arise now and in the future.
The report formed the centre piece of discussion at the 28th International Data Protection and Privacy Commissioners ' Conference, hosted by the Commissioner in London on the 2nd and 3rd of November 2006.
The ICO commissioned the Surveillance Studies Network (SSN) to undertake the research. The SSN are an independent not-for-profit organisation dedicated to the study of surveillance practices.
A report on the Surveillance society
A report on the Surveillance society - appendices
A report on the Surveillance society - public discussion document
A report on the Surveillance society - summary
Children’s information held on databases
‘Children’s databases – safety and privacy’
This independent research report focuses on children’s personal information stored in databases and the issues this raises for data protection. It highlights the importance of safeguarding children’s personal information and the issues that should be considered when designing and using such databases. The ICO commissioned the report from the Foundation for Information Policy Research and a team led by its chair, Professor Ross Anderson , Professor of Security Engineering at Cambridge University . The views expressed in the report are those of the authors and are not necessarily those of the ICO.
IPR report - Children's databases - safety and privacy
ICO issues paper - Protecting children's information
Customer Satisfaction Survey: Data protection - Data controllers (2005)
In January/February 2005, we conducted a customer satisfaction survey among data controllers who had submitted written data protection enquiries to the ICO between mid - September and mid - December 2004. We commissioned Jigsaw Research to conduct the survey. The key objective of the research was to assess levels of satisfaction experienced by data controllers using the services provided by the data protection compliance department. In particular, the research was commissioned to assess:
-
Satisfaction with service delivery and, in particular, to assess how well staff were seen to perform
-
Which communication channels were used and what user preferences were.
The results of the survey have been fed into the our continuous improvement programme and are available below:
Customer Satisfaction Survey: Data protection - Data controllers survey results