Data protection

Data protection research

Credit report survey

We are working with the credit reference agencies Callcredit, Equifax, and Experian to find out what people think about the quality of credit reports. We have commissioned a survey as part of this work, which has been emailed to people who have recently requested their credit report and have been asked to take part.

If you’ve been invited to take part in the survey, we want to know whether you think the information in your credit report is accurate or not and whether it is easy to understand.

The survey is confidential. The ICO will only see the information you give us on the form and we won’t see any of the information on your credit report. The survey is being hosted by HSL using Survey Monkey, who have undertaken not to disclose the information you provide to anyone other than the ICO.

Review of Availability of Advice on Security for Small/Medium Sized Organisations

The ICO commissioned the Review of Availability of Advice on Security for Small and Medium Sized Organisations to better understand how well small and medium sized enterprises (SMEs) can access appropriate information security advice for protecting personal information. The ICO recognises that SMEs will not have the technical expertise that many larger businesses will have at their disposal. Many small businesses use personal information and we recognise that SMEs need practical and concise guidance to help them comply with the law, and handle personal information appropriately.

The ICO has already acted on a number of recommendations by updating the Guide to Data Protection which provides businesses with practical advice about the Data Protection Act. The practical business based examples in the Guide can help SMEs safeguard personal data and meet the requirements of the Data Protection Act. We are also reviewing some of our other guidance in light of the report’s findings to ensure it is appropriate for the needs of SMEs. We are particularly interested in how guidance can be accessed through third party business trade and membership bodies and we will be following that up in the coming months.

Read the full review

The business case for investing in proactive privacy protection

The ICO has published the report ‘The Privacy Dividend: the business case for investing in proactive privacy protection’ which it commissioned from Watson Hall Ltd and John Leach Information Security Ltd (JLIS Ltd). The aim of the report is to help organisations understand the business rationale for, and benefits to be gained from, building in better privacy protection.

The report concludes that protecting personal information makes good business sense; it brings real and significant benefits that far outweigh the effort privacy protection requires; and ignoring privacy and not protecting personal information has significant downsides. The report analyses the value of personal information from different perspectives and outlines the consequences of privacy failures. It recognises that there is no 'one size fits all' approach and provides practical tools to help organisations construct customised business cases for investing in privacy protection.

Read the full report

Review of EU Data Protection Law

The Information Commissioner’s Office (ICO) has published the review of the strengths and weaknesses of the EU Data Protection Directive which it commissioned from RAND Europe.

The ICO commissioned RAND Europe to conduct the study amid growing fears that the current European Directive was out-dated and too bureaucratic.

The RAND study concludes that, in an increasingly global, networked environment, the Directive will not suffice in the long term. The report acknowledges that the Directive has helped to harmonise data protection rules across the European Union and has provided an international reference model for good practice. However, the report also says that the Directive is often seen as burdensome and too prescriptive, and may not sufficiently address the risks to individuals’ personal information.

Read the full report
Read the report summary

Notifications payment research

It is being considered that the charging regime for data controllers notifying with the ICO will be revised. In February 2008 a research project conducted amongst data controllers was commissioned to provide information to help inform how the revised charging regime could be applied.

SMSR Ltd was commissioned to undertake the study on behalf of the ICO. SMSR Ltd is an independent market research company based in Hull which adheres to the Market Research Society’s Code of Conduct.

Notifications payment research report

Stakeholder perception study

A commitment of the stakeholder relations strategy, launched in 2007 is to track progress of our actions. As a result a survey was undertaken in March 2008 to measure perceptions of the ICO amongst key stakeholders.

The stakeholder perception study involved stakeholders which have a high interest in what we do and can have a high influence on ICO, data protection and freedom of information issues.

The research was conducted on behalf of the ICO by Jigsaw Research and Critical Research, both independent market research agencies based in London.

Stakeholder perception study: research report

Relevant downloads