Draft code of practice for privacy notices

Updated January 2009

The Information Commissioner's Office (ICO) has launched a consultation on a new draft code of practice for privacy notices. The aim of the code is to help organisations provide more user-friendly privacy notices.

A privacy notice should set out how an organisation will handle a person's personal details and can also tell people about rights to access their personal information and the organisation's security arrangements.

The ICO believes that some existing privacy notices contain too much legal jargon and are written to protect organisations against liabilities, rather than to inform the public about how their information will be used. The draft code explains that the duty to actively communicate a privacy notice is strongest where the intended use of the information will be unexpected, objectionable or controversial, or where the information is confidential or particularly sensitive. It also explains that informing people of obvious uses of their information is unnecessary. The draft code of practice contains examples of good and bad privacy notices.

The consultation will close on 3 April 2009.

If you wish to take part in the consultation or would like to have your current privacy notice reviewed, please contact TLT's Data Protection and Privacy team. 

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at January 2009. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.