Compulsory audit powers needed says Information Commissioner

13 October 2011
Compulsory audit powers needed for local government, the NHS and the private sector, says Information Commissioner
Powers to conduct compulsory data protection audits in local
government, the health service and the private sector are needed to
ensure compliance with the law, the Information Commissioner said today
at the 10th annual data protection compliance
conference in London.
Christopher Graham’s call came as figures showed that the ICO
is being blocked from auditing organisations in sectors that are
causing concern over their handling of personal information.
The only compulsory data protection audit powers the ICO
currently has are for central government departments. For all other
organisations the ICO has to win consent before an audit can take place.
Data breaches in the NHS continue to be a major problem. Of
the 47 undertakings the ICO has agreed with organisations that have
breached the Data Protection Act since April, over 40% (19) were in the
healthcare sector. In addition, the most serious personal data breaches
that have resulted in a civil monetary penalty occurred in the local
government sector. Four of the six penalties served so far involved
local authorities.
Businesses remain the sector generating the most data
protection complaints. Despite this, as reported in July, just 19% of
companies contacted by the ICO accepted the offer of undergoing an
audit. The ICO has written to 29 banks and building societies and so
far only six (20%) have agreed to undergo an audit. The insurance
sector has also shown reluctance in this area. Of the 19 companies
contacted this year by the ICO, only two agreed to an audit.
Information Commissioner Christopher Graham said:
“Something is clearly wrong when the regulator has to ask
permission from the organisations causing us concern before we can
audit their data protection practices. Helping the healthcare sector,
local government and businesses to handle personal data better are top
priorities, and yet we are powerless to get in there and find out what
is really going on.
“With more data being collected about all of us than ever
before, greater audit powers are urgently needed to ensure that the
people handling our data are doing a proper job. I am preparing the
business case for the extension of the ICO’s Assessment Notice powers
under the Coroners and Justice Act 2009 to these problematic sectors.”
The Information Commissioner also used his speech at the
conference to give a six month update on the ICO’s complaints handling
performance.
Complaints about marketing texts, some of which are known as
spam texts, have trebled in volume since 2008/9, and now account for
approximately 13% of all data protection complaints to the ICO. Over
1,000 complaints have been received since April.
The overall number of new data protection (DP) complaints is
up by 2% compared to the same period last year. The number of freedom
of information (FOI) complaints has also risen by around 5%. The ICO
has increased its output to match the increase and has closed a record
number of FOI cases during the first half of the year. Closures on DP
cases are also up.
If you need more information, please contact the ICO press
office on 0303 123 9070 or visit the website at: www.ico.gov.uk.
Notes
- The Information Commissioner’s Office upholds information
rights in the public interest, promoting openness by public bodies and
data privacy for individuals.
- The ICO has specific responsibilities set
out in the Data Protection Act 1998, the Freedom of Information Act
2000, Environmental Information Regulations 2004 and Privacy and
Electronic Communications Regulations 2003.
- The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly
e-newsletter. Our "For the media" page provides more information for
journalists.
About the Author
The Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
legislation:
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications Regulations 2003
- Environmental Information Regulations 2004