Feeds

Info commissioner issues guidance on database trading

Data protection obligations

Beginner's guide to SSL certificates

The Information Commissioner’s Office (ICO) has published a guidance note advising businesses on how to comply with the Data Protection Act when buying and selling databases containing customers' confidential information.

The guidance is intended for use only when a database is sold because a business is insolvent, closing down, or being sold. In these circumstances the Data Protection Act does not prevent the sale of a database containing the details of individual customers, providing certain requirements are met.

The requirements:

  • The seller must make it clear that the buyer can only use the data for the purposes for which it was originally collected. The database should therefore only be sold to a business that will make the same or similar use of it.
  • The buyer must obtain the consent of the individuals referred to on the database if it wishes to use the data for a new purpose.
  • The buyer should tell the individuals referred to on the database about the change of ownership.
  • The buyer can only use the database for unsolicited marketing if the individuals referred to in it have agreed to receive such marketing, or receipt of such marketing is "likely to be within their reasonable expectations".
  • Where this is the case the buyer can only market products and services similar to those that have been advertised through the database before.
  • The buyer must delete any unnecessary personal information held on the database.

The guidance does not cover the buying and selling of confidential information in other circumstances, where consent will usually be required.

"It is important that businesses buying or selling customer databases are aware of their data protection obligations," ICO senior guidance and promotion manager Dave Evans said. "This good practice note will help businesses understand what they need to do to ensure that personal information on the databases is sufficiently protected."

See: the guidance note (2 page/34KB PDF)

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Choosing a cloud hosting partner with confidence

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.