Department for Culture, Media and Sport takes over responsibility for data protection policy

The government has transferred policy responsibility for data protection policy, sponsorship of the Information Commissioner’s Office (ICO) and sponsorship of The National Archives at Kew from the Ministry of Justice (MOJ) to the Department for Culture, Media and Sport (DCMS).

The changes came into effect of 17 September 2015, confirmed by a written statement on the website of the Houses of Parliament.

The Lord Chancellor’s responsibilities under the Public Records Act (1958) and associated legislation will be transferred as necessary to the secretary of state for culture, media and sport, John Whittingdale.

At the same time, the Cabinet Office will take over responsibility for managing government records.

Information commissioner Christopher Graham explained the rationale behind the move away from the MOJ, saying that, as the independent arbiter for information rights, the ICO had business with many different Whitehall departments, and it was important that the organisation remained “free to advise and warn as necessary”.

“It makes sense for the ICO to be well-connected to debates around the impact and potential of the digital economy – but at the same time we need independence to do our job,” he said.

“DCMS has responsibility for digital issues, but also deals with very many arm’s-length bodies whose independence is key to their contribution.”

Earlier in 2015, the ICO's annual report spoke of serious concerns over how best to fund its operations in future, highlighting as an "area of uncertainty" possible reductions in income for freedom of information work.

In 2014 the MOJ was fined £180,000 by the Information Commissioner’s Office following a data protection breach occasioned by the loss of a backup hard drive at Erlestoke Prison in Wiltshire.

The unencrypted hard drive contained confidential files on almost 3,000 inmates, including details of links to organised crime, health information and drug abuse histories.

An earlier breach at Surrey’s High Down Prison three years earlier saw the details of 16,000 prisoners mislaid in similar circumstances.

The ICO found that Erlestoke had received a new backup hard drive with encryption features included in the wake of the High Down loss, but had never enabled the security measures.