Tag Archives: Mr Graham

ICO praises calls for expanding Freedom of Information powers

Reforms to the Freedom of Information (FOI) Act, which are being discussed by the government, have been given the thumbs up by data protection watchdog the Information Commissioner’s Office (ICO), which believes greater transparency will ensure greater fairness in the future.

One of the biggest changes that will be made in the first slew of reforms will reduce the amount of time that data can be withheld from the National Archives, cutting the current 30 year period of retraction to just 20 years. This means it will be easier for anyone to get their hands on court documents and papers which circulate in central government.

Once the legislation passes, it will be possible for FOI requests to be made against a wider range of individuals and organisations, including any business owned by the public sector and the Association of Chief Police Officers.

The practical applications of the FOI act will be considered and the government will also be looking into whether the changes will be effective, with a view to making further amendments if they do not go far enough towards ensuring transparency.

The ICO’s Christopher Graham, said that transparency was already being achieved in many areas, citing the publication of wages collected by high earning members of the Civil Service as just one way in which data was becoming less rigidly protected.

Mr Graham pointed out that the FOI act is six years old and so a revision and expansion of its powers seems sensible.

It is said that the public is hungry for gaining more access to the data which relates to their lives and how the country is being run, with Mr Graham speaking out in favour of this inclusive transparency that the FOI makes a legal requirement.

Mr Graham also said that he hoped the ICO would be seen as a more independent body, able to enact its duties within the public and private sector, without bias, while upholding the basic rights of data protection expected by UK citizens.

Survey finds public sector ahead in data security struggle

Organisations in the public sector are better prepared to face the risks to data security than those operating in the private sector. This is according to the findings of a survey carried out on behalf of the Information Commissioner’s Office (ICO).

This level of preparedness is said to exist as a result of improved employee awareness and training to ensure that data protection in the public sector is always evolving and being augmented.

The ICO concluded that there has been a general increase in awareness over the past year, although this is still heavily weighted in favour of the public sector, with private sector firms struggling to keep pace.

The ICO used SMSR to conduct the study and it discovered that a little less than 50 per cent of private sector firms were willing to state that secure storage of private data should be mandatory without being asked, while this is true of 60 per cent of public sector groups.

The ICO’s Christopher Graham explained that raising awareness and enforcing basic responsibilities was the cornerstone of data protection within organisations, regardless of their backgrounds. He said that this is the only way in which customers and clients can be assured that they are using a secure, trustworthy service.

Mr Graham pointed out that the ICO would be forced to respond with punitive action if an organisation was unable to live up to these ideals. He also urged managers to take into account the potential for reputational damage in the event of a data loss or theft incident, caused by a lack of training and awareness.

Data security expert Chris McIntosh said that he found it appalling to think that the terms of the Data Protection Act are still being ignored by many organisations within the private sector.

Mr McIntosh asserted that the average laptop used within businesses contains half a million pounds worth of data which, in the wrong hands, could do damage to clients and the business itself. He believes that the ICO can help increase awareness by using its powers and handing out significant fines for the worst offenders.

ICO publishes Code of Practice for data protection

The Information Commissioner’s Office (ICO) has launched a guide which is accessible online in order to define the rules that businesses and organisations should follow to ensure that data is properly protected.

Although the Personal Information Online Code of Practice is largely aimed at businesses, it also contains information that is useful for consumers who need advice as to the way in which their details will be used by various online services.

The ICO’s Christopher Graham said that consumer confidence could only be guaranteed if businesses were willing to adhere to data protection advice and also warned that fines would be incurred by firms that failed to properly secure the data for which they have responsibility.

Mr Graham spoke out against the unnecessary harvesting of user data, as well as its misuse in subsequent marketing and publicity which could diminish the trust in a relationship between a business and its customers.

The ICO believes that consumers have a part to play in protecting their personal data. They are encouraged to read the privacy policy for individual businesses and alter any settings to ensure that their details are secure. Limiting the amount of information which is made available online is also a suggested step.

Data security expert Stewart Room said that he was encouraged by the ICO’s new guidelines, particularly in relation to the way in which businesses were being made aware of the legal requirements that govern the handling of private data.

Mr Room said that although the guide is not all-encompassing, it is easy to comprehend and should provide businesses with the right information to help them comply with ICO regulations.

Mr Room believes that the ICO should be given greater powers to enforce proper data protection policy within businesses and organisations around the UK. In his opinion this should include statutory provisions rendering the reporting of data loss a mandatory requirement.

At the moment the ICO has the ability to fine firms up to half a million pounds for data loss, but some believe that unlimited fines would represent a far more significant deterrent.

Businesses caught out by increasing data protection penalties

When the Information Commissioner’s Office (ICO) receives its new powers to level heavy fines against firms that fail to uphold the regulations of the Data Protection Act (DPA) this week, experts believe that many will be under-prepared for the implications of the changes in the rules governing data.

The ICO’s ability to demand up to £500,000 from a business for a single DPA breach is intended to heighten awareness as to the dangers of data loss and aid with the prevention in the future. The ICO has been seeking greater punitive powers for years and was finally granted them in January of this year.

Christopher Graham, the Information Commissioner, said that the increasing prevalence of online consumer transactions is allowing public and private organisations to amass huge amounts of data. Improper use and inadequate protection of this data is leading at the very least to embarrassment for those businesses involved and putting everyone at risk of fraud.

Mr Graham said that he would prefer to work with businesses and organisations to ensure that data protection was properly practised, but also warned that he would not be lenient in his application of the ICO’s new powers.

Some business leaders have gladly accepted the growing powers of the ICO, since in the past it has been seen as something of an impotent regulatory body.

Legal expert Jonathan Nugent told V3 that the ICO standards covering data protection would need to be carefully studied by businesses in order to ensure full compliance. The seemingly endless stream of data loss disasters over the last few years are said to be a sign that regulatory changes were necessary.

Mr Nugent believes that the ICO will continue to take on new powers in the future, with the potential for custodial sentences being imposed if a particularly serious breach occurs.

Others believe that although the ICO’s new powers are undoubtedly a positive step, there is a likelihood that many businesses will be unaware as to the changes. It is suggested that many firms will need to review their current data protection policies in order to ensure that they meet with ICO standards.

Ground breaking data loss fines approved

After a long process of decision making and debate, the Ministry of Justice has ratified the request from the Information Commissioner’s Office (ICO) that it be allowed to raise fines against any business that is found to be in breach of the Data Protection Act.

The ICO will now be able to demand up to half a million pounds from firms which fail to adequately protect the personal information of their clients and the new rules will begin to be enforced from April this year.

The government held a public consultation in order to assess whether giving the ICO such powers would be adequate to help tackle complacency and inadequacies in the data security measures employed by enterprises in the UK.

Christopher Graham, who is the Information Commissioner, said that the growing number of interactions between businesses and customers which involve the online entry of information and the subsequent storage of personal information has led to far more serious instances of data loss.

Mr Graham also reaffirmed his dedication to cooperation with public and private bodies in order to ensure that compliance with data protection legislation was fulfilled across the board. However, he also said that he would not be afraid to make use of the newly granted powers against those who continue to flout good data security practise.

Michael Wills, the minister for Justice, said that in general, a majority of organisations were in compliance with the conditions of the data protection act and that these new fines would hopefully deter any firms from ignoring them.

In order to reach a decision as to the total fine which should be levelled against a given organisation in the event of non-compliance, various factors will be calculated. For example, the extent of the data loss and the potential threat it poses to the involved parties will be weighed against whether the firm had knowingly failed to meet government guidelines.

Experts believe that although the new fines show real intent, many will be waiting to see how the first penalties are allocated to analyse the seriousness of the ICO’s intent. Despite the belief that only the biggest firms will suffer the most significant fines in the face of data loss, it is hoped that these new powers will act as a wake-up call to businesses of all sizes.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal