The Information Commissioner has recently confirmed the extent of its role in its newly published strategy paper. The thrust of the message is that the IC will not focus on enforcement, but on reducing the risk to UK residents of misuse of personal information about them.
At first sight one might question this message, given that it is the Information Commissioner who is specifically charged with enforcement of Data Protection law, and has specific legal powers to ensure compliance. However, the paper makes clear that the aim is to reduce the instances of non-compliance, and minimising data protection risk for individuals and society, and also making sure that the resources are aimed at the key areas of risk. Furthermore, enforcement of Data Protection law is only one aspect of the role of the IC, which includes education about data protection, influencing new legislation and dealing with complaints.
According to the strategy document, the ICO intends to focus on reducing unlawful trade in personal information, and monitoring increasing information sharing between organisations and undertaking data protection supervision. Of particular note, the IC also intends to target the increasing surveillance of UK citizens. They have also acknowledged that a focus must be made on public sector rather than private sector developments as this is where the most serious DPA breaches could arise (for example see last year's lapse by HMRC).
Comments