ICO issues new big data protection guidelines for UK organisations


The Information Commissioner’s Office (ICO) has issued a fresh list of data protection requirements that UK big data organisations will have to comply with.

The UK watchdog’s Big data and data protection list includes a series of guidelines for companies dealing with big data, explaining how organisations are expected to handle it and the need to ensure if they are complying with obligations mentioned as under the Data Protection Act [DPA].

One of the major areas as highlighted by the ICO is data anonymisation. Data collected by companies while undergoing product and service research should be completely anonymous and should not reveal individuals identity.

The ICO noted that use of multiple data sources for collecting data would require effective anonymisation and to ensure that, organisations must carry out a robust risk assessment.

The watchdog conducted its own research on big data between June 2013 and June 2014 and is particularly concerned on big data usage as it involves personal data including social media, loyalty cards and sensors in clinical trials used by companies to gain more insights into clients and potential customers.

Repurposing of personal data is another key area noted by the ICO. Organisations collecting data for one purpose are often found using the same data for another purpose or even passing it on to another company to use. The ICO wants that big data organisations must inform individuals as when and for what reason data is being used for different purposes.

The ICO states that big data organisations must ensure information security and follow the standard practice policies as per the Data Protection Act.