Information Commissioner introduces guidelines for data protection best practice
The Information Commissioner's Office has launched a report that provides organisations with a financial case for data protection best practice.
With less than a month to go until it introduces £500,000 penalties to ‘act as a deterrent and to promote compliance with the Data Protection Act’, ‘The Privacy Dividend’ report explains how to put a value on personal information and assess the benefits of protecting privacy.
Launched at the ICO's data protection officer conference and completed with research by Watson Hall and John Leach Information Security, the 93-page report includes practical tools to help organisations prepare a business case for investing in privacy protection.
This includes: guidance on the steps involved in a privacy protection scheme to assess the costs and benefits; guidance on creating business cases for implementing a new system or changing an existing system; and calculation sheets to assess the value of personal information and put figures to the business case.
Information Commissioner Christopher Graham said: “No organisation can neglect to protect people's privacy. Not only is it the law, but there is also a hardheaded business imperative.
“This report provides organisations with the tools to produce a financial business case for data protection, ensuring privacy protection is hardwired into organisational culture and governance.”
Chris McIntosh, CEO of Stonewood, said that while the report is a welcome development, it does not cover the crucial issue of organisations believing that data breaches are something that happens to other people.
He said: “The ICO decision to provide organisations with a financial case for data protection practice is a welcome sight. Yet despite the danger to reputation and business that can come from a data loss, it is still a hard truth that many organisations feel they will be one of the fortunate few that remain untouched.
“There are already firm laws in place to protect data, as well as heavy financial penalties facing organisations that are found to be negligent. Beyond this, the risks to security, to reputation and to the well-being of employees and customers that can be caused by a data loss have already been well documented, both by other reports and by all-too-common events in the real world. A report that shows organisations how to prepare a business case is a positive step in reinforcing the value of data, but more discussion is needed to convince organisations that not only can this happen to them, it more than likely will.”