Self Regulation and Codes of Practice
The requirements of data protection law are quite clear, and applying the rules and principles of data protection to your business activities is often a matter of common sense. However, for some businesses and professions, interpreting and applying data protection law is not so straightforward, and sometimes requires a fine appreciation of the ethical norms and standards, and the traditional expectations of good practice, associated with that sector. For that reason, the Data Protection Act, 1988 provides that representative trade associations should have a direct input into the establishment of data protection standards within their sector.
Section 13 of the Act provides that the Data Protection Commissioner
"shall encourage trade associations and other bodies representing categories of data controllers to prepare codes of practice to be complied with by those categories in dealing with personal data."
If the Commissioner agrees that such a code provides adequate data protection for individuals, he will formally approve it and encourage its use in the sector concerned. The Commissioner may also draw up such a code of practice on his own initiative. The standards laid down in such a code should help organisations to apply the data protection principles to the particular situations that they face in their sector.
Have Any Codes of Practice been Approved under the Data Protection Act?
The Commissioner has formally approved the following codes of practice.
- Garda Síochána (police force)
- Injuries Board
- Insurance Sector,
- Department of Education and Skills,
- Revenue Commissioners
- Vocational Education Committees
- The Probation Service
The Commissioner has also approved a Personal Data Security Breach Code of Practice.
How can my Representative Body initiate a statutory Code of Practice?
If your representative association would like to initiate a code of practice, to clarify how data protection rules are to be applied for your sector, then we suggest that your association contact the Data Protection Commissioner, with a view to arranging discussions to progress the matter. The Commissioner will be glad to provide you with practical advice on what should be covered in your code of practice, and on how circumstances specific to your sector might be handled.