Feeds

New guidance on data protection and outsourcing

Info commissioner issues advice for small.biz

Top three mobile application threats

The Information Commissioner’s Office (ICO) has published advice to businesses on how to comply with data protection rules when outsourcing the processing of personal information, aimed primarily at smaller companies without an inhouse data protection expert.

The good practice note follows requests for clarification on outsourcing, not only by organisations which hold personal information, such as payroll, but also by individuals who are concerned about how their information is protected when it is outsourced to companies both in the UK and overseas.

The advice stresses that when a business uses an outside organisation to process personal information on its behalf, it retains liability for the security and accuracy of information and full control over how it is used. This means the business remains liable for any breaches of the Data Protection Act, even if the outsourced company is based abroad.

Deputy commissioner David Smith acknowledged that many companies outsource some of their data processing functions to other companies, quite often overseas.

"There have been several highly publicised instances recently which suggest that personal information is not always held securely," he said. "Companies considering outsourcing must ensure that they choose companies that can be relied upon to take proper care of the personal information they are entrusted with."

He added that they should put in place mechanisms so that when the personal information has been outsourced they can check that it is being properly looked after.

"The Information Commissioner’s Office takes the failure to take proper care of personal information very seriously, and we will not hesitate to investigate where companies have failed to fulfil their obligations under the Data Protection Act. Such investigations could result in formal enforcement action."

The good practice note covers, for example, the selection of a service provider, ensuring the contract is enforceable, checking for security, and auditing that provider.

Daradjeet Jagpal, a solicitor with Pinsent Masons, the law firm behind OUT-LAW.COM, said: "Businesses need to remember that just because personal information is processed thousands of miles away, it does not mean that it takes away their responsibility for complying with the DPA."

Jagpal, a data protection specialist, continued: "A contract with the foreign processor is necessary, requiring the processor to respect the same security obligations that the business has to. Not getting this right means not only risking enforcement action from the Information Commissioner, but from aggrieved individuals, too, who may claim compensation for damage or damage and distress suffered due to breach of security obligations."

Another member of the Pinsent Masons information law team, Louise Townsend, added: "Straightforward guidance from the Information Commissioner on this topic is to be welcomed. Many organisations will have standard terms and conditions and it is a simple task to review these to ensure that they meet the requirements of the Data Protection Act."

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

High performance access to file storage

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.