Feeds

Info commissioner issues guidance on database trading

Data protection obligations

Security for virtualized datacentres

The Information Commissioner’s Office (ICO) has published a guidance note advising businesses on how to comply with the Data Protection Act when buying and selling databases containing customers' confidential information.

The guidance is intended for use only when a database is sold because a business is insolvent, closing down, or being sold. In these circumstances the Data Protection Act does not prevent the sale of a database containing the details of individual customers, providing certain requirements are met.

The requirements:

  • The seller must make it clear that the buyer can only use the data for the purposes for which it was originally collected. The database should therefore only be sold to a business that will make the same or similar use of it.
  • The buyer must obtain the consent of the individuals referred to on the database if it wishes to use the data for a new purpose.
  • The buyer should tell the individuals referred to on the database about the change of ownership.
  • The buyer can only use the database for unsolicited marketing if the individuals referred to in it have agreed to receive such marketing, or receipt of such marketing is "likely to be within their reasonable expectations".
  • Where this is the case the buyer can only market products and services similar to those that have been advertised through the database before.
  • The buyer must delete any unnecessary personal information held on the database.

The guidance does not cover the buying and selling of confidential information in other circumstances, where consent will usually be required.

"It is important that businesses buying or selling customer databases are aware of their data protection obligations," ICO senior guidance and promotion manager Dave Evans said. "This good practice note will help businesses understand what they need to do to ensure that personal information on the databases is sufficiently protected."

See: the guidance note (2 page/34KB PDF)

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.