For years the UK’s data protection watchdog has been pressing for greater powers with which to fight data protection law infringers. Now the ICO has announced an apparent major step-change in its enforcement operations. But is it just window dressing?
Topic: Data protection
Who: The Information Commissioner's Office
Where: Wilmslow, Cheshire
When: June 2005
What happened:
The Office of the UK's data protection watchdog, the Information Commissioner, recently announced the ramping up of its data protection law enforcement activities. Assistant commissioner David Smith stated that the idea of the changes was to make life tougher for the minority of businesses that don’t take their data protection obligations seriously.
Before the changes, complaints that the law had not been adhered to were handled by a compliance team. Now the ICO has for the first time put together teams of specialists selected solely for using the Commissioner's powers to bring about compliance with the law.
The new "Regulatory Action Division" will be devoted to protecting personal information held by businesses.
Why this matters:
For some years now the Information Commissioner's Office has been calling for greater powers of enforcement. Currently, any efforts that it makes to police infringements of data protection law are hampered by a need in most cases to go through a tortuous process of issuing "enforcement notices" and allowing the alleged offender time to respond and appeal the process before the matter can be taken to court.
Contrary to the impression that might initially have been given by the recent announcement, there has been no change to that situation. There also appears to be no likelihood at any time soon of the government granting the ICO the greater enforcement powers it demands.
Instead, the ICO is having to resort to what some cynics might describe as a window dressing shuffle of existing staff to give the impression of greater pro-activity.