Privacy & Information Security Law Blog

On September 2, 2014, the UK Information Commissioner’s Office (“ICO”) published a consultation on the framework criteria for selecting scheme providers for its privacy seal scheme. The consultation gives organizations the opportunity to provide recommendations for the framework criteria that will be used to assess the relevant schemes. The consultation is open until October 3, 2014.

Under the draft framework criteria, the ICO’s proposals include the following:

• ICO endorses at least one scheme for a minimum of 3 years;
• The ICO has the authority to revoke an endorsement of a scheme;
• The scheme operator takes responsibility for the day-to-day operation of the scheme and retains ownership of the scheme (including the liabilities and indemnities that may be associated with the operation of the scheme); and
• The scheme operator is the contact point for queries and complaints related the scheme. Nevertheless, individuals may send complaints directly to the ICO if their concern relates to a breach of the Data Protection Act or the Privacy and Electronic Communications Regulations.

A scheme must first obtain accreditation from the UK Accreditation Services (“UKAS”), the national accreditation body for the UK, before it may gain the ICO’s endorsement. The ICO will participate in the UKAS accreditation process by offering technical expertise and advice to UKAS.

As detailed in its consultation document, the ICO is interested in receiving feedback on the roles and responsibilities of the ICO; the underlying principles; the scope, objectives and sustainability of the scheme; the certification process; and the quality criteria for organizations (i.e., relating to proficiency and knowledge).

The ICO hopes to select a proposal by early 2015 and aims to launch the first round of endorsed schemes in 2016.