Headlines: April 28th, 2006

The Information Commissioner’s Office has issued new guidelines on PETs – privacy enhancing technologies – designed to protect personal information relating to the growing number of people using e-mail and the Internet to interact with public bodies and businesses.The traditional of view of PETs has been to regard them as software or other systems that allow individuals to withhold their identity when using electronic operating systems. Examples include anonymous web browsers, specialist email services, and digital cash systems. But the new ICO guidance says the systems include any technology that exists to protect or enhance an individual’s privacy. For example, the ICO says, a system that allowed a doctor to see all the details of a medical record but only allowed a receptionist to access contact and administrative information would be using a privacy enhancing approach.

The Deputy Information Commissioner, David Smith, said the use by people of the Internet and email to communicate, research and interact with government and businesses was at an all time high and this was an age in which more and more information was being shared across databases and organisations of all kinds. “In addition, there is a growing move towards introducing computing technology in everyday consumer products, so the need for systems to help protect people’s privacy has never been greater,” he added.

He said privacy enhancing technologies not only helped to protect a person’s privacy and gave them greater power and control over information held about them, but they could also be a winning strategy for the organisations that installed them. “They help reduce the risks of privacy breaches and the significant costs associated with them at the same time as building trust among customers and clients,” he said.

The ICO guidance and technical note offers a number of examples of the use of PETs, including encrypted biometric access systems that allowed the use of a fingerprint to authenticate identity without retaining the fingerprint or the use of secure online access so people could check the accuracy of personal data and make amendments. Other software allowed browsers automatically to detect a website’s privacy policy and compared it to the preferences they had expressed, or ‘sticky’ electronic privacy policies attached to the information preventing it being used in any way that was not compatible with the policy

The full technical note can be is on the ICO’s website at http://www.ico.gsi.gov.uk