Monday 1 December 2008

New powers for the ICO

Just when you thought it was safe to dismiss the UK's data protection tsar, the Information Commissioner, as a toothless watchdog, Justice Secretary Jack Straw has finally granted him powers worthy of the title. Yes, last week saw Information Commissioner Richard Thomas finally get what he has been asking for over the last year or so - the ability to impose monetary penalties on organisations for "deliberate or reckless" loss of data. He is now also able to inspect central government departments without having to ask their permission first - a rule so absurd that it totally undermined the ICO's ability to carry out effective checks.
And the experts I spoke to broadly welcomed these new powers. Most seemed to think that the long, long list of public and private sector organisations which have lost sensitive data could all have avoided their infamy if they'd just followed the DPA. By granting the ICO the power to enforce this much-maligned piece of legislation, the argument goes, organisations might actually pay more than lip service to the law.
Another interesting element of the news is the new funding structure the ICO will be getting. Instead of a flat-rate notification fee, the ICO will be able to charge depending on the size of the notifying organisation. Details have yet to be thrashed out but the idea is that it will finally give the watchdog the financial support it needs to carry out its work effectively, although if it's partly used to fund the £50,000 pay rise mooted for Thomas, the move will not win many supporters.
So what does this mean for you? Well, if you were thinking of just paying lip service to the DPA, you're probably better off re-examining your data handling strategies and taking it a whole lot more seriously. The ICO has teeth at last and is probably not afraid to use them. However, while it certainly will be handing out fines and punishments and naming and shaming those who are reckless with data, Thomas has consistently stressed that much of the ICO's work is in educating organisations about good data handling practices and compliance with the DPA.
To that end, the ICO last week also released a new report, Privacy by Design, setting out ways in which firms can build privacy enhancing technologies into their information systems from the get-go, rather than treating them as an add-on or an afterthought. It's well worth a look.