The Information Commissioner's Office (ICO) is calling for organisations to make sure they consider the personal privacy implications of installing or developing new IT systems.

At a surveillance conference in Manchester the ICO highlighted the breach at HM Revenue and Customs, saying it was a watershed and will call for organisations to implement new safeguards to help protect individuals' privacy.

"Very often the collection and use of personal information is essential and beneficial to modern life, but many people do not realise that data collection is at the heart of surveillance," said David Smith, deputy commissioner at the ICO.

"Each time someone gives away their personal information they leave electronic footprints that build up a picture of every aspect of their daily lives. It is essential that before introducing new systems and technologies, which could accelerate the growth of a surveillance society, full consideration is given to the impact on individuals and that safeguards are in place to minimise intrusion. Privacy impact assessments are a common sense approach to help organisations develop privacy friendly ways of working."

The ICO will also be producing a privacy impact assessment handbook designed to help organisations address the risks to personal privacy before implementing new initiatives and technologies, thereby helping to increase public confidence in data collection.

Research commissioned by the ICO shows that six out of 10 individuals believe they have lost control over the way their personal information is handled.

"Before giving out any personal information we advise individuals to make sure they know who they are giving their details to, why these details are needed and how they will be used," added Smith.

"If individuals are not satisfied with the response they should not feel obliged to give out their details, they should simply ask to move on to the next question. In order to have trust in an organisation, individuals must be confident that their information is held securely and processed in line with data protection rules."

The ICO advises that anyone who processes personal information must make sure that data is:
• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection