The Information Commissioner's Office (ICO) should be able to charge companies for audits he conducts on their privacy processes, according to a data protection consultancy. Data protection law should also be linked explicitly to the privacy protections contained in the European Convention on Human Rights, said the company. The …
As a small corporate user
and in the firm belief that this smacks of a consultancy firm trying to get outsourced work at exorbitant rates, the cost of investigation should only be borne by the people being investigated if they are subsequently found guilty of something significant, as a sort of "costs" order associated with any fine.
I pay for the Information Commissioner already via my registration fees. If these are not sufficient, then they should be open about this and raise them.
The alternative is that loads of "anonymous" or malicious complaints will suddenly come in and companies will be subjected to intrusive scrutiny and then handed a bill, even if nothing untoward is found. I can imagine the time and trouble an investigation would put my company to and the costs that would be levied by "experts" acting on the ICO's behalf.
I get very nervous of institutions where the investigator is also the judge, and giving them a financial motive to conduct investigations (keeping busy => empire building) could lead to a perception that they are serving their own interests, not that of the public.
Whilst I do wish to see the office made more effective, this particular avenue is not one to go down and would taint most people's view of the ICO, which should be prevented if possible.
Do we think it would be reasonable for someone who has been investigated by the plods for something and then released with no charge to be presented with a bill for police time spent on the investigation? No we wouldn't. Same goes for ICO.
Who are these idiots who come up with these stupid ideas? Why do we give them the oxygen of publicity?
ICO needs powers of HSE
Until this organisation has 1) the technical competence 2) the organisational 'minerals' and 3) the right powers, they will be roundly ignored.
Until they can walk into a company and literally switch off insecure systems until the company can demonstrate they are secure, the ICO will be treated with contempt.
"The company also suggested that the ICO should be able to recover the costs that it incurs when it examines the data protection practices of companies that might have broken the law."
If I was running a company that is following the correct data practices, I would be extremely pissed at having to pay for the ICO to "check to see if I *might* have broken the law". What kind of f**king moron lets an idea like that fly? The ICO can come and check me at THEIR OWN EXPENSE, and then if I am breaking the law, lay on the heavy fines.
Or, alternatively, please allow me to invoice the ICO for the inconvenience of the deluge of half-assed semi-malicious accusations that are likely to follow simply in order to boost the coffers of independent assessment consultancies [but then, anything with the word "consultant" is inherently evil].
The Information Commissioner is an Officer of the Crown. He can do his public duty and recoup the taxpayers' costs if he deems it appropriate by levying fines. The trouble is, he doesn't have the resources and would like to send in private consultants, turning his office into a money-spinning procurement agency.
It's a matter of incompetence
I've looked at the ICO website and it seems that they don't have so much as a literate proofreader.