Information Commissioner to get tougher powers
The Information Commissioner Richard Thomas is to be given ‘tougher powers’ to regulate the Data Protection Act under proposals put forward this week by Justice Secretary Jack Straw.
The details of the proposals are contained within the Government's response to the Data Sharing Review.
The proposals follow a detailed consultation held by the Ministry of Justice on the Information Commissioner's inspection powers and funding following recommendations in the Data Sharing Review published in July 2008. The recommendations will give the Information Commissioner's Office (ICO) sweeping new powers to directly address lapses of data integrity procedure:
- Impose a deadline and location for the provision of information necessary to assess compliance.
- Impose monetary penalties on data controllers for deliberate or reckless loss of data.
- Inspect central government departments and public authorities' compliance with the Data Protection Act without always requiring prior consent
- Publish a statutory data sharing code of practice to provide practical guidance on sharing personal data.
- Publish guidance on when organisations should notify the ICO of breaches of the data protection principles.
- Where a warrant is being served, require any person to provide information required to determine compliance with the Data Protection Act.
The details of the proposals are contained within the Government's response to the 'Data Sharing Review' by Richard Thomas and Mark Walport, that was published in July 2008.
“The changes we propose today will strengthen the Information Commissioner's ability to enforce the Data Protection Act, and improve the transparency and accountability of organisations dealing with personal information,” says justice secretray Jack Straw.Jack Straw Justice Secretary. “Strong regulation and clear guidance is essential if we are to ensure the effective protection of personal data.”
The Government has also proposed revising the ICO's funding structure for its work on data protection to a tiered fee structure based on size of organisation. This will replace the flat rate notification fee which has not changed since the body’s original introduction in 1984. The legislation will be introduced as soon as parliamentary time allows.