Consultation:

ICO privacy seals project – draft framework criteria

Starts:02/09/2014

Closes:03/10/2014

  1. Introduction

A privacy seal scheme acts as a ‘stamp of approval’ highlighting an organisation’s commitment to maintaining good privacy standards. The ICO will be endorsing at least one privacy seal scheme, operated by an independent third party in the UK.The ICO’s endorsement is conditional on the scheme’s operatorachieving official accreditation by the UK Accreditation Service (UKAS).Working with UKAS will ensure that the ICO endorses a competent scheme operator.

The ICO expects proposed privacy seal schemes to be consumer facing. There is a growingrole for privacy in consumer choice, and privacy certification in this area is a good way of bringing data protection to a mainstream audience.

This work is being carried out under the Information Commissioner’s duty to promote good practice and compliance by data controllers (provided in section 51 of the Data Protection Act).

The ICO will invite proposals for a privacy seal scheme in the Autumn 2014, with a view to selecting a proposal in early 2015. UKAS accreditation can take between six and 12 months.The ICO is aiming to launch thefirst round of endorsed schemes in 2016.

Objective of the consultation

This consultation provides an opportunity for organisations to provide their views on the framework criteria that proposals will be assessed against. The currentdraft of the framework criteria takes into consideration the discussions and comments from a range of interested parties over the past few months.

This will inform the final version of the framework criteria, which will be published with the invitation for proposals.

How to take part in this consultation

Responses to this consultation must be submitted by Friday 3 October 2014. Please email your responses to .

If you have any questions about this consultation, please call 0303 123 1113 and ask for Gemma Farmer, or email .

Privacy statement

We may publish a summary of the responses received, following the end of the consultation. Information provided in response to our consultations, including personal information, may be disclosed in accordance with the Freedom of Information Act 2000 and the Data Protection Act 1998. Please tell us if you want the information you provide to be treated as confidential.We cannot guarantee confidentiality, but we will take your views into consideration.

  1. Your views

We would like your views on the main themes in the framework criteria document. Each section has a box for you to provide your feedback. Please provide as much detail as possible.

Roles and responsibilities

Section 1 of the framework criteria explains what roles and responsibilities the ICO will have in relation to its endorsement of the scheme. Do you think the roles and responsibilities of the ICO and scheme operator are clearly explained? Please tell us what you think in relation to each of the main areas.

A / ICO endorsement
B / Revocation of endorsement of the scheme
C / Operation of the scheme by the certification body
D / ICO’s regulatory role
E / Marketing and branding
F / Difference between ICO endorsement and UKAS accreditation
G / Any other comments about roles and responsibilities:

Underpinning principles

Section 2 of the framework criteria sets out the principles for an ICO endorsed scheme.What do you think are the advantages and disadvantages of the underpinning principles?

Advantages / Disadvantages
Any other comments about the underpinning principles:

The framework criteria - scheme requirements

Section 3 of the framework criteria document sets out the detailed requirements of the scheme.

Scope and objectives of the scheme

Parts 1 and 2 of the framework criteria are concerned with the scope and objectives of the scheme. Please tell us what you think about the guidelines.

A / Scope
B / Objectives

Sustainability of the scheme

Part 4 of the frameworkexplainsthe need for proposed schemesto be sustainable. Please tell us what you think about this section.

Comments about the requirements forany scheme to be sustainable:

Certification process

Parts 6-9 of the framework explain the requirements relating to the administration of the scheme. Please tell us what you think about the ICO’s requirements.

A / Initial Assessment
B / Audit and review
C / Complaints
D / Certification fees

Quality criteria for organisations

Please tell us what you think about the quality criteria provided for organisations. Is there anything that needs to be added or changed? Please provide your comments below.

A / PROFICIENCY
B / KNOWLEDGE

Thank you for completing this consultation.

We value your input.

ICO privacy seals project

Framework criteria – draft for consultation v1.3

20140902

1