Sounds like he's decided to pull out his last few remaining teeth:(
The Information Commissioner's Office (ICO) will not investigate every complaint it receives about data protection practices by organisations, under a draft new complaint-handling procedure outlined by the watchdog. The ICO said it intends to pass some complaints it receives onto organisations to deal with, and has set out a …
They have a statutory duty to enforce the data protection act but seemingly they won't: are we to assume nobody will prosecute the ICO for what is an intentional breach of an act of parliament (i.e. breaking the law)? Or are we getting to the point that acts (laws) are really just for the newspaper headlines? Is that a valid defence for any breach of an act of parliament then: "well, I didn't think parliament really meant it"?!
The headlines and us plebs.
What the ICO needed was a more hands off approach and an increased unwillingness to follow up on complaints. Thanks government, I'm sure no industry lobbying took place there.
Sounds to me like they are fed up of dealing with minor complaints that the organisation should have dealt with quickly.. But I am concerned that the ICO now won't actually act if the organisation fails to act...
It's a bit of a risk this decision...
They just want less work to do, so have come up with the amazing plan to literally do less work. If a company is breaching my data protection rights, that might not be a serious issue for the ICO or for the population at large, but it is a serious issue to me? How are you supposed to get the situation handled now, when the perpetrator knows full well the ICO does not care?
A truck load of nice, soft pillows - since they are now trying to do even less than they do now.
Not ... The Fluffy Pillow!!
.... you mean you actually expect us to do something in return for our salaries?
You are clearly not fit for purpose.
You need to be replaced by something that works, and is not going to waste taxpayer money doing nothing of real use.
I would like to say you outlived your usefulness, but I'm not entirely certain you ever had that to begin with, so instead I'll just say:
"and only start logging complaints after individuals have engaged with organisations"
How are they going to know who the repeat offenders are if they don't log the complaints as they are made.
Joe Public : "Why are company X giving my personal details to everyone"
ICO : "Speak to company X"
company X : "Sorry we won't give YOUR details to anyone else"
Joe Public : "thanks"
Dave Public : "Why are company X giving my personal details to everyone"
ICO : "Speak to company X"
company X : "Sorry we won't give YOUR details to anyone else"
Dave Public : "thanks"
Fred Public : ....
No complaints logged ?
So basically, instead of the usual next to nothing, they will be doing nothing in future....
I despair. I've got a case ongoing with them and they don't seem to have done anything in the last 3 months. It would be quite pointless telling this company to deal with my complaint because it's a telemarketing parasite and they weren't listening to me in the first place......
Maybe the courts should become the first port of call instead of the ICO. I imagine they are more scared of court costs than the toothless ICO.
"minor complaints that the organisation should have dealt with quickly"
What do you want to bet that there's one particular organisation out there that ICO also will decide is many different organisations with no connection whatsoever, so Her Majesty's Government can continue to get away with leaving confidential personal data on trains, in skips, and so on, without a single effective sanction ever being taken against the responsible staff?
"aww this is harder than we thought...
... let's only get out of bed on days when there's an easy win"
If they are genuinely still open for consultation then we start up a petition on the govt moan portal whatever it's called and lobby all our mates to sign up to it. Get the Reg to add it as a note to this story and it should give the ICO a fright.
"If they are genuinely still open for consultation then we start up a petition on the govt moan portal whatever it's called and lobby all our mates to sign up to it."
Sadly I suspect the "open for consultation" is slang for "we've made our minds up and everyone else can fuck off."
As someone who's been genuinely helped by the ICO on several occasions, including once where it turned out to be my own fault (I provided information I thought I hadn't), they have my sympathy, but I don't think deferring their responsibilities to the private sector is the answer, not least of which because of the private sector's conflict of interests.
If the ICO lacks the resources to deal with the current volume of complaints, well first of all I'd say that's a damning indictment of how bad the problem is, but surely the solution is to provide the ICO with more resources, whilst toughening the punishments for data protection violations, which are clearly inadequate.
Or is that too obvious?
I agree that this bears the stench of lobbying.
If there were some actual meaningful punishments for breaking the law, like for example a few weeks in prison and criminal asset recovery procedures, combined with proper enforcement so that the criminals actually face these punishments, then maybe there wouldn't be so many people breaking the law, and therefore so many complaints.
The reason so many people break the law at the moment is because they know they can get away with it.
"but surely the solution is to provide the ICO with more resources"..
I have no source but perhaps you can find it....
Representatives of the ICO gave the equivalent of a statement via Parliament that they were underfunded and therefore could not 'do their job' and, in effect, stated that this 'doing their job thing', according to 'The European Bendy Banana Thing', was not going to happen because Parliament was not going to give them the money to do their job, wink wink, so ETC.
Then they *all* exited 'stage left' to work for FaceGoogTwitThirdPartyAffiliates and lived happily ever afterwards.
"I agree that this bears the stench of lobbying."
By the ICO themselves?
Oh great. As a data processor and one of the unfortunate many who have to post off our cheques each year (oh yeh, and why can't we pay online like every other govt service?!) to remain 'registered' it reassures me to know that they will be doing even less with this money than ever now.
Posted anonymously for the purposes of irony.
In my experience, they have been down to their gums for most of their existence. I complained twice to them about a small company that I used to drive for, re. passing on other folks' phone numbers and personal details without express permission and for also passing on my own personal details and address to one of the many extortionists........sorry......... so-called private "parking enforcement" companies without my permission. All I got back was waffle and a distinct sensation that here was yet another government department sitting pretty on their backsides actually doing very little - a bit like OFCOM, really!
The Police have announced they will only investigate serious, repeat criminal offenders.
Does the ICO define "serious"?
Is it a data breach affecting one person, ten people, a thousand people?
Is it a breach of one person's data that leads to, say, a financial loss - and what threshold?
The ICO needs to be reformed along the lines of the consumer banking industry. Any complaints under the DPA should be resolved in a single contact to the satisfaction of the customer or be referred to an excessively overpowered ombudsman that will rain the wrath of the gods down on the offender, whether it be for a breach or failing to reply promptly to the complaint.
I'd be happy with some threshold to be met in terms of volumes of data held before being subject to these regulations, but far, far too many big companies treat data protection as a hurdle rather than a requirement.
Politics aside, any government that publicly condones breaking the rules is a failure. Full stop.
It's one thing for back room 'get out of jail' cards to be handed out. It's wrong, but also inevitable and it's done 'classily' and discreetly.
For a government agency to publicize a policy endorsing breaking its own rules is an altogether different thing. It's an abject failure of that agency. It's like if the US President gave a speech and said he was off this whole democracy thing and was installing himself as a dictator. Or if a developer decided to restructure all the database queries to return everything in the system. Or if the warden decided this guarding prisoners thing was too hard and released everybody.
At no point, in any job, is it acceptable to say 'it's OK. We don't really care'. It's doubly worse when the government does it: 'It's OK, we don't really care, this is taxpayer money. We don't have to do anything with it other than spend it'.
With the ever rapid increasing usage / storage / transmitting / selling / leaking of people's personal data held on closed and networked computers, shouldn't the ICO be given a bigger budget to employ more people and more powers to enforce the data protection laws?
Reducing their investigations will only lead to more companies flying under the radar, with some actively taking advantage of the situation.
"shouldn't the ICO be given a bigger budget to employ more people and more powers to enforce the data protection laws?"
yes and no; should it be given a bigger budget from general taxation? Absolutely not. Should it be re-using income from fines to ensure it has sufficient staff etc, absolutely, and if that means fines go up 1000%, then that's, err, fine (sorry).
Should those fines be payable out of taxes when it comes to public sector bodies - not in a billion years, the money should come from the pockets of the responsible (or irresponsible?) individuals, and if an individual cannot afford to pay it, make it a general levy on the department / council in question. Too many councils / departments ignore the rules knowing there will be no personal consequences whatsoever and monumental f*ck-ups (like leaving personal info on a train) will be treated by the press as just another ordinary example of incompetence / laziness, rather than actually investigated to name and then sue the person in question, the person who allowed them to do it, and the person who hired the idiot who allowed that first person to have a job. (With apologies to idiots).
So who is the person responsible?
The secretary who posted a CD to another dept?
The case manager who didn't check that the secretary followed ISO 2001:1138 section 56 part 54 when preparing data?
The BOFH who allowed secretaries access to CD writers?
The CTO who allowed the dept to install such a crap system?
The previous minister who ordered a system which couldn't talk securely to the other dept?
Safest thing is to never send anything, so the school never mentions to social services that they haven't seen the little girl for a couple of weeks - that way nobody will get into trouble for improper transfer of information - and the papers will blame the parents when they find the body
Governments the world over all have the same accountability failings. They'll gang up on the heads of companies in Parliamentary and Congressional hearings and demand that the leader fall on his sword for the mistakes/wrongdoings of a few staff members who are about 763 pages of Org Charts away from the leadership.
But if a government agency screws up, suddenly management can't be held responsible for the actions of operational staff. After all, everyone (except the Lizard People) are a Human and they all make mistakes. It wouldn't be just to suggest a person who has devoted their life to public service be terminated because of things he had no control over. It's all shit really.
"The ICO said it intends to pass some complaints it receives onto organisations to deal with..."
Great. Because that's worked out so staggeringly well with telecoms and the energy providers, hasn't it? In Ofcom's case it takes at least 3-5 years from any given massive avalanche of complaints to a 'far too little, far too late' change to their GCs, and/or a comedy fine carefully designed to make sure wrongdoing always pays. And they're the closest to a useful regulator we have, sadly.
The energy companies' 'engagement' with their victims amounts to a process of aggressive escalating bully-boy tactics calculated to put off even the most ardent dissenter, usually by convincing them it's a lot easier to swallow the idea that their complaint has been addressed than push on.
"Of course when we identify serious contraventions of the legislation we regulate we have the power to take enforcement action..."
Seems very very unlikely, since it's not exactly something they've soiled their hands or reputation with industry on thus far in their brief, meaningless existence. The ICO was born out of a rising need, yet as time has passed their relevance has actually decreased to the point that even the credibility of their primary role as fig leaf looks under pressure. They do not come out well from even casual comparison with their equivalents in Europe and - more tellingly - the States.
"Its consultation is open until 31 January next year..."
Arguing the toss with an industry lobbied foregone conclusion looks about as fruitless as an activity can get, and an almost unforgivable waste of electricity and bandwidth to submit.
Them as can do IT
Them as can't teach IT
Them as can't teach migrate to semi-IT quangos like the ICO
"The ICO said that it intends to implement the changes to complaint handling on 1 April 2014"
No irony there, then.
Anyway, on to the point in hand; the consultation document can be found here: http://www.ico.org.uk/about_us/consultations/our_consultations
And displays all the hallmarks of a lack of proof-reading...
3. Are you able to quantify this likely increase or decrease in the burden of our activity on your business ?
[Yes] Please explain what it is:
[No] Please explain what it is: