recent work

Scottish Government draws up Privacy Principles – will rest of UK follow?

All UK public bodies are likely to follow the Scottish Government’s principles in identity management and privacy. The Scottish government has drawn up these principles, which include ensuring public bodies in Scotland only obtain the minimum necessary personal information on citizens, as well as ensuring these bodies don’t aggregate data in a single space and allowing every citizen access to the information held about them through a secure login.

The assistant information commissioner for Scotland, lawyers and academics of Scotland all worked together to formulate the principles, which cover five topics: proving identity and entitlement; governance and accountability; risk management; data and data sharing and education and engagement.

One of the pronciples’ main aims is to reduce the formulation of large “centralised databases of people’s personal information” – and instead, personal information of groups should only be “drawn together if there is a business need to do so”  – and transactional data should be kept apart from personal information.

Christopher Graham, the information commissioner, urged “all Scottish public authorities, not just the Scottish government” to adopt the principles “as a minimum standard”. Graham also said  that when imposing penalties for breaches of the Data Protection Act, he takes in to consideration “among other factors, the level of compliance with best practice guidance issued both by my office and by other relevant parties”.

To read the full article, please go to now.