UK privacy watchdog, the Information Commissioner’s Office (ICO), is calling for better funding, greater powers...
and guaranteed independence.
The call comes as the ICO releases its annual report, which reveals the watchdog dealt with a record 15,429 data protection complaints in the past year, up 10% compared with the previous year.
According to the report, the number of calls to the ICO’s advice helpline rose by more than 15%, while the ICO issued £1.97m worth of monetary penalties and secured 12 criminal convictions for breaches of the Data Protection Act.
In the past year, the ICO has decided on 5,296 freedom of information complaints, a 12% rise on last year’s figure, and received 161,720 reports from people concerned about spam texts and nuisance calls.
At the launch of the report, information commissioner Christopher Graham called for more powers and resources to maintain the ICO’s independence and ensure its ability to act on serious complaints.
In the report, he said that in addition to securing compliance with data protection and freedom of information laws, the ICO seeks to empower citizens to assert their rights and enable the development and delivery of new products and services without compromising privacy.
more on the ICO
- ICO probes Facebook over psychology experiment data protection fears
- Wearable tech must comply with privacy laws, warns ICO
- UK police forces fail to impress in ICO audit
- ICO publishes guide on top IT security failings
- ICO issues data protection warning to users of Windows XP
- ICO updates corporate plan for better data protection
- ICO fines charity £200,000 for data breach
- Infosec 2014: Act now, but no new EU data protection law before 2017, says ICO
- The ICO issues BYOD warning after breach
- ICO denies bias against public sector organisations
"But to be an effective partner in delivering modern and innovative services, the ICO needs stronger powers, a more sustainable funding system and a clearer guarantee of independence," Graham said in the report.
He believes that, as organisations' use of data gets ever more complicated, UK citizens need to know someone is watching over their information, and that a strong regulator is needed if a data breach affects millions of people.
ICO seeks increased funding and powers
Funding was a central theme in the previous annual report, in which the information commissioner said: “Although the budget we have received for 2013/14 means that we are confident we will be able to meet our objectives, the uncertainty of funding remains a major long-term concern.”
For the past five years, the ICO has faced a reduction in its funding for freedom of information work and notification fees for data protection.
The proposed EU data protection reforms will also remove the notification fee that funds the ICO’s work under the Data Protection Act.
In response to these changes, last year's ICO annual report called for a "wholly new method of funding".
In the latest report, Graham said parliament needs to get on with the task of establishing a single, graduated information rights levy to fund the work of the ICO.
"I look to parliament to act to strengthen the commissioner's powers, enable the adequate resourcing of the ICO, and guarantee the commissioner's independence," he said.
Supporting the ICO's call for increased funding, Chris McIntosh, chief executive of ViaSat UK, said the watchdog is still handicapped by its limited resources and powers.
He said the penalties available to the ICO are not enough to deter organisations from flouting data protection rules.
With increased funding and powers, the ICO could make its investigations even more thorough, reducing appeals and making sure its judgement is fair and final
Chris McIntosh, ViaSat UK
McIntosh said monetary penalties are also often not paid due to successful appeals and early payment reductions.
According to the latest ICO annual report, only £872,000 of the total £1.97m monetary penalties was paid.
"With increased funding and powers, the ICO could not only make sure that penalties, financial or otherwise, match the severity of an offence, it could make its investigations even more thorough – reducing the chances of appeals and making sure that its eventual judgement is both fair and final," he said.
Changing attitudes to data protection
But Simon Eappariello, European senior vice-president at iboss Network Security, said funding is not the whole answer to fixing the data privacy issue.
"While funding will critically give the ICO the manpower to handle the ever-growing number of complaints, personal and industry attitudes towards data need to change," he said.
Eappariello believes the UK needs to tackle the root cause of why so many organisations need to be investigated.
"And that buck does not stop with the ICO. It is something that should be addressed at the board level too," he said.
According to Eappariello, every healthcare organisation, retailer and business needs to review how they are protecting personal data.