The data security regulator has signalled it’s no longer to chase ‘individual lapses’ in its proposed changes to how it enforces data protection law. The ICO (Information Commissioner’s Office) has gone out to public consultation on its direction for the next five years.
As the Information Commissioner, Christopher Graham, puts it in an ICO document: “We’re keen to learn more from casework and tackle systemic problems ahead of individual lapses.” The document proposes that the regulator ‘will aim to enforce proportionately’, without saying what is proportionate. The ICO speaks of being ‘outcome focused’, ‘prioritising areas of highest information rights risk’ and ‘only where appropriate, to address individual concerns’.
The Wilmslow-based regulator has a wide brief – data including CCTV and non-security matters such as nuisance=marketing cold-calls, which most bothers the public. It has the power to fine up to £500,000 for breaches of the 1998 Data Protection Act, and has fined – mainly hospitals and local government – in the tens of thousands of pounds for breaches, or simply required the offenders to sign agreements to make good shortcomings, whether lost laptops or mis-faxed papers with personal details. The regulator has called for greater powers to enforce the law, for example against blaggers who seek to steal personal info, whether for the popular press, insurers, or debt collectors.
The ICO says that its workload is growing – dealing with complaints, investigating criminal and civil breaches, enforcing compliance. It admits that the ICO needs to do better for less; but is But ‘less able to respond effectively to the growing demand for our services’. And there are doubts over its role, partly because of upcoming European law on data protection; the Leveson proposals relating to data protection and the press; the upcoming SIA regulation of private investigators; and the Surveillance Camera Commissioner’s code of practice for CCTV operations.
In a consultation document it speaks of ‘focus on organisations that get things wrong’. “Information rights are of growing importance in the public mind, prompted by developments in technology, business and public policy. That means we’re busier than ever. But, secondly, we are facing a funding crunch just as our resources are stretched to the maximum. And thirdly, the regulatory landscape with which we deal is undergoing profound change.”
The consultation runs until February 7. Visit the ICO website.
