Businesses have reacted with caution to calls from the information commissioner for greater powers to investigate and penalise firms that flout the Data Protection Act.
Employers group the Confederation of British Industry (CBI) said there should be a lot of hard thinking and public debate before giving the regulator new powers that could potentially disrupt commerce.
"There is a danger that the government will latch on to populist, easy solutions that just create more problems. If powers are given to the information commissioner to burst into businesses willy-nilly, the impact would be enormous," said Jeremy Beale, head of e-business at the CBI.
The CBI's warning follows concerns from information commissioner Richard Thomas that the growth of surveillance and data sharing has highlighted weaknesses in enforcement powers.
"Improvements to the commissioner's powers to undertake proactive audits and the introduction of a penalty for flagrant breaches of the Data Protection Act would send a strong signal that compliance law is not just for the virtuous," Thomas said in a submission to the Home Affairs Select Committee.
However, Beale said the commissioner's proposals would themselves hand too much surveillance power to the state. "He is criticising surveillance and intrusion, but those are the very powers he is asking for," he said.
Philip Virgo, strategic adviser to the Institute for the Management of Information Systems, said that although the commissioner needed more powers, it was more important to increase penalties than to give the watchdog greater audit powers.
"The powers of the information commissioner to organise prosecutions are much more limited than regulators such as the Financial Services Authority and information commissioners in other parts of Europe," he said. "When there are prosecutions, you get pretty derisory fines."
The Institute of Directors, however, welcomed the information commissioner's proposals, saying that they could boost the public's confidence in using the internet for e-commerce.
Jim Norton, senior policy adviser at the Institute of Directors, said, "It is important that it is brought home to everyone, including directors at board level, that they have responsibility for security of data throughout their organisations."
Comment on this article: [email protected]