ICO seminar on privacy and data anonymisation
The ICO seminar on privacy and data anonymisation was held in London on Wednesday 30 March 2011. Leading experts presented different approaches to, and perspectives on, this complex subject. The seminar looked at current practice, the risks associated with anonymisation and possible solutions for the future.
Presentations were followed by a facilitated plenary session which allowed speakers and audience members to discuss the issues in greater detail. A report of proceedings is available below, in addition to the conference programme and copies of the speakers’ slides.
Seminar report
Seminar programme
From Data to Health
Sir Mark Walport, Director, The Wellcome Trust
Anonymisation as Disclosure Avoidance
Dr Mark Elliot, University of Manchester
Transparency – Opening Up Government
Nicola Westmore, Cabinet Office
Privacy, Deanonymisation and Transparency
Dr Kieron O’Hara, University of Southampton
Balancing Risk and Utility – Experiences in Official Statistics
Dr Marie Cruddas, Office for National Statistics
Protecting Privacy After The Failure of Anonymisation
Professor Paul Ohm, University of Colorado
Anonymity in Market, Social and Opinion Research
Barry Ryan, Market Research Society
Wi-Fi Settings: online survey
The ICO have commissioned an online survey about Wi-Fi security in the home. The survey, which was carried out online by YouGov, has revealed that 40% of people who have Wi-Fi at home do not understand how to change the security settings on their wireless (Wi-Fi) networks, while 16% of people are either unsure or are already aware that they are using an unsecured network.
The ICO is calling for Internet Service Providers (ISPs), retailers and manufacturers to make sure the guidance supplied with their Wi-Fi equipment is clear to the end user and fully explains the risks of people using an unsecured connection.
The ICO has also produced new guidance on how people can check the security settings on their Wi-Fi router and provides information on how to make the network more secure, including setting up a strong password to stop other people accessing the network and making sure the information sent over the device is encrypted.
View the YouGov survey
Credit report survey
We are working with the credit reference agencies Callcredit, Equifax, and Experian to find out what people think about the quality of credit reports. We have commissioned a survey as part of this work, which has been emailed to people who have recently requested their credit report and have been asked to take part.
If you’ve been invited to take part in the survey, we want to know whether you think the information in your credit report is accurate or not and whether it is easy to understand.
The survey is confidential. The ICO will only see the information you give us on the form and we won’t see any of the information on your credit report. The survey is being hosted by HSL using Survey Monkey, who have undertaken not to disclose the information you provide to anyone other than the ICO.
Review of Availability of Advice on Security for Small/Medium Sized Organisations
The ICO commissioned the Review of Availability of Advice on Security for Small and Medium Sized Organisations to better understand how well small and medium sized enterprises (SMEs) can access appropriate information security advice for protecting personal information. The ICO recognises that SMEs will not have the technical expertise that many larger businesses will have at their disposal. Many small businesses use personal information and we recognise that SMEs need practical and concise guidance to help them comply with the law, and handle personal information appropriately.
The ICO has already acted on a number of recommendations by updating the Guide to Data Protection which provides businesses with practical advice about the Data Protection Act. The practical business based examples in the Guide can help SMEs safeguard personal data and meet the requirements of the Data Protection Act. We are also reviewing some of our other guidance in light of the report’s findings to ensure it is appropriate for the needs of SMEs. We are particularly interested in how guidance can be accessed through third party business trade and membership bodies and we will be following that up in the coming months.
Read the full review
The business case for investing in proactive privacy protection
The ICO has published the report ‘The Privacy Dividend: the business case for investing in proactive privacy protection’ which it commissioned from Watson Hall Ltd and John Leach Information Security Ltd (JLIS Ltd). The aim of the report is to help organisations understand the business rationale for, and benefits to be gained from, building in better privacy protection.
The report concludes that protecting personal information makes good business sense; it brings real and significant benefits that far outweigh the effort privacy protection requires; and ignoring privacy and not protecting personal information has significant downsides. The report analyses the value of personal information from different perspectives and outlines the consequences of privacy failures. It recognises that there is no 'one size fits all' approach and provides practical tools to help organisations construct customised business cases for investing in privacy protection.
Read the full report
Review of EU Data Protection Law
The Information Commissioner’s Office (ICO) has published the review of the strengths and weaknesses of the EU Data Protection Directive which it commissioned from RAND Europe.
The ICO commissioned RAND Europe to conduct the study amid growing fears that the current European Directive was out-dated and too bureaucratic.
The RAND study concludes that, in an increasingly global, networked environment, the Directive will not suffice in the long term. The report acknowledges that the Directive has helped to harmonise data protection rules across the European Union and has provided an international reference model for good practice. However, the report also says that the Directive is often seen as burdensome and too prescriptive, and may not sufficiently address the risks to individuals’ personal information.
Read the full report
Read the report summary
Notifications payment research
It is being considered that the charging regime for data controllers notifying with the ICO will be revised. In February 2008 a research project conducted amongst data controllers was commissioned to provide information to help inform how the revised charging regime could be applied.
SMSR Ltd was commissioned to undertake the study on behalf of the ICO. SMSR Ltd is an independent market research company based in Hull which adheres to the Market Research Society’s Code of Conduct.
Notifications payment research report
Stakeholder perception study
A commitment of the stakeholder relations strategy, launched in 2007 is to track progress of our actions. As a result a survey was undertaken in March 2008 to measure perceptions of the ICO amongst key stakeholders.
The stakeholder perception study involved stakeholders which have a high interest in what we do and can have a high influence on ICO, data protection and freedom of information issues.
The research was conducted on behalf of the ICO by Jigsaw Research and Critical Research, both independent market research agencies based in London.
Stakeholder perception study: research report