The Information Commissioner's Office has issued what it calls new rules for the processing of information online. They're not actually new rules, however - it's just a new 44-page PDF. The leaflet is also available in ebook format. The failing regulator - facing court action for not meeting minimum European data protection …
Viviane Reding said last month: "Having a watchdog with insufficient powers is like keeping your guard dog tied up in the basement."
Which is ironically what you have to do these days, lest you get caught by the DDA. So the ICO is following suit. Nice to hear.
...is like keeping your guard dog tied up in the basement.
You have to now, just in case it bites someone and you get sued
or am I focusing on the wrong problem here?
maybe if someone loses data, they will get locked up in the basement?
also, WTF is a basement? is it like a cellar?
WTF is a basement?
I'm guessing you're not British/UK OR American then, as we both use it (ever seen the letter 'B' on a lift/elevator).
Brits ALSO use Cellar but that's not a habitable space (you wouldn't keep a dog in a cellar - unless you really didn't like it - but you would keep it in a basement).
Just for you..
And just in case you don't know this either, this is what a guard dog is.
And this is what a dictionary is
As the stock response of the ICO (currently facing a 6-month backlog on consumer complaints) when I complain to them is to do absolutely nothing, even when faced with clear evidence of DPA breaches, I really don't know what Mr Graham means by "enforcement". WHAT enforcement? They did nothing about Phorm or BT, nothing about Google, and even the latest cases that they got excited about, (involving TalkTalk was it?) seem to have suddenly gone all quiet. Given the massive number of data losses that we read about almost every fortnight, why are there not more reports of enforcement action? I know the powers are limited, but we hear virtually nothing about companies actually suffering any sort of penalty for their DPA and PECR breaches.
I have yet to be convinced that the ICO wants to assist consumers. It is still geared to giving legal advice to companies rather than taking enforcement action against offenders. Oh yes - and could they please tell us the ratio of IT qualified to legally qualified staff right now, and whether it has changed recently?
Use the powers you already have to protect consumers, and then we might consider giving you some more.
To Wot Enforcement
I think the Commissioner is almost exclusively focused on the Freedom of Information Act. Looking at his site he seems to give out dozens of decisions per month, on FOI, and pursue organisations that don't comply in releasing information.
Data Protection Breaches? Hard to find anything outside the annual report and there seemed to be less than ten prosecutions last year. Mostly for failing to notify as Data Controllers.
Perhaps the ICO could be funded by charges for appeals from requestors under the FOI Act and then he might have the resources to pursue Data Protection Breaches. On the other hand pursuing DP breaches takes motivation which seems to be lacking.
ICO Code of Practice
The ICO’s new code of practice can only be a good thing, but it’s essential for organisations to understand what this means and how to remain compliant. When the ICO recently introduced data breach fines, almost half (45%) of IT directors were not aware they had come into force and this can’t afford to happen again. Even more worrying is that of those who do know about the potential punishments, only 55% believe they will change their business practices as a result.
After a run of high-profile data losses in the press, consumers have got to be able to feel they can trust businesses and public organisations with their personal details. How many more cases of lost laptops and vulnerable data will we see before organisations realise they have to do more to reassure the public?
The ICO is absolutely right in publishing this code of practice, but it also needs to advise businesses on the range of security options available to protect data, particularly if it ends up in the wrong hands. It doesn’t have to be a case of just hoping it doesn’t happen, businesses need to be more aware of who and what is available to help them avoid data breach and the ICO can lead the way with this.
General manager of EMEA
The ICO’s code of practice should definitely be welcomed; a lot of time, effort and consultation has gone into its drafting, to produce a good workable code that will help both public and private sectors to improve customer trust and confidence in their online activities.
Above all, transparency is key. Information sharing online can be a force for good, but it’s essential for the consumer to be told what’s being done and why. Sometimes organisations themselves aren’t aware when they’re sharing data, let alone whether they’re doing it legitimately or not. The code of practice aims to ease these pressures, outlining how organisations can increase transparency and compliance with the Data Protection Act.
There is an argument that says ‘If we shared less data we’d have less risk’ but the reality is that organisations need data, and will have to get it from somewhere, so let’s do it properly. The ICO’s code of practice is the first of its kind in the world - there is no one country that has set the example for others to follow so far. Organisations need to take note of the guidance given within the document. While following the code is not a legal requirement, applying its advice on good practice with online consumer interaction will help build consumer trust, brand reputation and limit the likelihood of regulator enforcement and fines.
UK Privacy Officer