Information commissioner pledges to step up action against firms flouting data laws

The information commissioner Richard Thomas is to take a "get tough" approach against organisations that deliberately flout data...

The information commissioner Richard Thomas is to take a "get tough" approach against organisations that deliberately flout data protection rules.

Thomas is seeking extra funds from government to step up enforcement action and to bring test cases in contentious areas of data protection law during 2004.

The move follows complaints from businesses to the information commissioner that he has failed to do enough to enforce the Data Protection Act in the past.

Thomas said he plans to use enforcement powers in a "selective and purposeful way" against offenders and to clarify areas of law that are unclear or in dispute.

"If there are organisations flouting the rules we will come down on them hard. In cases where there is legal uncertainty, we will issue enforcement notices so they can be considered by the information tribunal," he said.

Thomas plans to press for powers of audit and inspection in public sector projects, including a series of database integration programmes under consideration by government departments.

They include proposals by the Office of National Statistics to create a single population register of every UK citizen that will link in to all other government records.

"With any government database project, and the integration of networks holding data about every adult in the country, there are risks to privacy. There will be a unique personal identification number and we want to make sure it is used properly," he said.

Thomas also plans to offer simpler jargon-free guidance and an improved helpline to assist organisations in complying with data protection regulations.

He insisted there was no need for wholesale change to the existing data protection law, but said he had delivered a shopping list of improvements to the Act to the government.

He criticised organisations such as Humberside Police and British Gas, which have used the data protection act as a smokescreen for poor practice.

Thomas said he would be reallocating resources in the Office of the Information Commissioner to fund more enforcement action.

Staff will spend less time dealing with "unreasonable demands" from the public, or complaints brought about by people solely to place pressure on organisations they have a grievance with.

Read more on IT risk management