The Information Commissioner’s Office's (ICO's) online consultation is intended to help organisations comply with data protection legislation by coming up with a 'practical and common sense' approach to protecting individuals’ privacy online.

During the next 12 weeks businesses, organisations and the public can comment on the draft guidelines which set out recommendations for handling personal data correctly.

The draft code of conduct casts a wide net, including mentioning best practice in cloud computing situations, stating: “The Data Protection Act (DPA) does not prohibit the overseas transfer of personal data, but it does say that it should enjoy adequate protection wherever it is located. Clearly, this raises compliance issues that organisations using cloud computing need to address...It is good practice to encrypt the data prior to it being transferred to the online services company.”

Simon McDougall, Director UK Privacy & Data Protection, Deloitte, commented on the draft: “This isn't a government-style consultation, where results may be predestined, there's a genuinely business friendly line. While the guidelines will be useful for smaller organisations, they don't really hold out much for larger corporates, so it's imperative that the big players get involved.”

McDougall continued: “I was surprised to see the cloud element mentioned in here, but it's certainly an issue that needs consideration. The old country by country model of legislation really isn't relevant in these situations, so updating guidelines to account for new models is essential.”

The consultation ends on March 5 2010. To respond visit www.ico.gov.uk.