The new information commissioner Richard Thomas said this week that
he hopes to persuade businesses to comply with data protection
legislation, rather than resorting to an aggressive programme of
prosecutions to keep firms in order.
Thomas, who took over the post from Elizabeth France just over a
month ago, said that while he would not hesitate to take action
against organisations that deliberately breach the rules, he
preferred constructive negotiation to tough action.
"I am not looking for convictions or prosecutions or enforcement
actions as a measure of success. I am looking for a compliant
society where organisations do these things naturally," Thomas said
in an interview with Computer Weekly.
His ambition, he said, is to change the way organisations think
about data protection, so that people think about the issues at the
design stage of a project rather than bolt on data protection as an
after-thought.
"One of the things I am keen to put across is that complying with
data protection principles is good for the organisation.
"What organisation, public or private, wants to have information
which is inaccurate; which is out of date; which has been
improperly obtained; and which leaks out of your organisation in
inappropriate circumstances?"
However, Thomas is adamant that he will take a tough line against
employees who deliberately abuse sensitive information - an issue
highlighted by Computer Weekly last week, when it reported abuse of
personal data by Inland Revenue staff.
"I have reminded people that it is a very serious criminal offence
to disclose personal information without the consent of the person
who is controlling the information. And if they come across hard
evidence that this is happening, we will prosecute."
In his previous role as director of public policy at law firm
Clifford Chance, Thomas' job was to monitor and respond to a
rapidly changing pattern of legislation, regulation and politics.
The skills he learned there will be invaluable as he grapples with
complex government initiatives ranging from electronic identity
cards to monitoring e-mails at work.
Thomas said he plans to make it a priority over the next few weeks
to review the long-delayed code of practice for IT professionals
who monitor staff e-mails, web browsing and phone calls at work.
The code alarmed employers when it was published in draft form
because of its complexity and the restrictions it imposed. Thomas
has now promised a simpler version of the code for small
businesses.
Some IT directors from small companies have already expressed fears
that this will create even more confusion, but Thomas has said
nothing yet about how it will work in practice.
ID card plan needs focus >>