Businesses have reacted with caution to calls from the
information commissioner for greater powers to investigate and
penalise firms that flout the
Data Protection Act.
Employers group the
Confederation of British Industry (CBI) said there should be a
lot of hard thinking and public debate before giving the regulator
new powers that could potentially disrupt commerce.
"There is a danger that the government will latch on to
populist, easy solutions that just create more problems. If powers
are given to the information commissioner to burst into businesses
willy-nilly, the impact would be enormous," said
Jeremy Beale, head of e-business at the CBI.
The CBI's warning follows concerns from information commissioner
Richard Thomas that the growth of surveillance and data sharing has
highlighted weaknesses in enforcement powers.
"Improvements to the commissioner's powers to undertake
proactive audits and the introduction of a penalty for flagrant
breaches of the Data Protection Act would send a strong signal that
compliance law is not just for the virtuous," Thomas said in a
submission to the Home Affairs Select Committee.
However, Beale said the commissioner's proposals would
themselves hand too much surveillance power to the state. "He is
criticising surveillance and intrusion, but those are the very
powers he is asking for," he said.
Philip Virgo, strategic adviser to the Institute for the
Management of Information Systems, said that although the
commissioner needed more powers, it was more important to increase
penalties than to give the watchdog greater audit powers.
"The powers of the information commissioner to organise
prosecutions are much more limited than regulators such as the
Financial Services Authority and information commissioners in other
parts of Europe," he said. "When there are prosecutions, you get
pretty derisory fines."
The Institute of Directors, however, welcomed the information
commissioner's proposals, saying that they could boost the public's
confidence in using the internet for e-commerce.
Jim Norton, senior policy adviser at the Institute of Directors,
said, "It is important that it is brought home to everyone,
including directors at board level, that they have responsibility
for security of data throughout their organisations."
Home Affairs
Select Committee website >>
The Institute of Directors website >>
The Institute for the
Management of Information Systems website >>
Information commissioner's
proposals >>
Comment on this article:
computer.weekly@rbi.co.uk