SMEs: Deal with data requests this way...

The ICO gives advice
Written by Sylvia Carr, Contributor

The ICO gives advice

The Information Commissioner's Office (ICO) has published advice on data protection for small and medium-sized enterprises.

The ICO explains how to handle requests from individuals whose data the SME holds. Under the Data Protection Act (DPA) individuals have the right to request digital information relating to them which businesses store.

The guidance covers a wide range of issues for SMEs including whether requests should be dealt with according to the DPA or less formally as a normal part of business; how to be sure of an individual's identity; if the SME can charge a fee for the info; when a SME is obliged to share the data; and how to prepare a response.

An ICO spokeswomen told silicon.com the advice was published in response to queries from small businesses looking for guidance on how to deal with data access requests.

She said: "They're looking for clear guidance. [Our publication] explains data access requests in clear terms and it's simplified. It's an easy way for them to find out what they're required to do."

More information can be found on the ICO website.

Information commissioner Richard Thomas has called for tougher penalties for people who misuse data and supported the recent legal change which means data thieves now face up to two years in prison.

Editorial standards