deepagopi2011 - Fotolia
The past year has been one of “real achievement”, according to outgoing information commissioner Christopher Graham.
“We have delivered on our objectives, responded to new challenges and prepared for big changes, particularly in the data protection and privacy field,” he said in his last annual report, before handing over to his successor, Elizabeth Denham.
Graham was appointed on a five-year term in 2009, which was extended for two years.
“The ICO has had to respond effectively to the unexpected. These include big data breaches, such as that at Talk Talk, and acting on newspaper allegations around charity fundraising methods that breached data protection and privacy law,” he said.
“The ICO also took part in the debate on surveillance and security and the Investigatory Powers Bill. And, in its responses following the Schrems judgment, with all the implications for transatlantic data flows, the ICO’s influential counsel helped to avert a meltdown.”
According to the report, the ICO also offered expert advice to many parliamentary committees, including the Burns Commission and its review of freedom of information law, and began preparing for new data protection reforms.
Graham said the credit for another year of high performance is shared by staff at every level of the organisation, and he thanked everyone at the ICO for their contribution.
ICO post-Brexit result
Speaking at the launch of the report in London, he said the ICO will be discussing with government the implications of the referendum result and its effect on data protection reform in the UK.
“With so many businesses and services operating across borders, international consistency around data protection laws and rights is crucial to businesses, organisations, consumers and citizens. The ICO’s role has always involved working closely with regulators in other countries, and that will continue to be the case,” said Graham.
He said having clear laws with safeguards in place is more important than ever, given the growing digital economy. “We will be speaking to government to present our view that reform of the UK law remains necessary.”
The report reveals that in the past 12 months, the ICO received 16,388 data protection concerns, answered 194,728 helpline calls and received 161,190 complaints about nuisance calls.
During the past year, changes in the rules on nuisance marketing meant the ICO was able to issue fines totalling more than £2m.
Denham first information commissioner under GDPR
For the next five years at least, the ICO will be led by Denham, who takes up the role after a six-year term as the information and privacy commissioner for the province of British Columbia.
Previously, she was the assistant privacy commissioner of Canada from 2007 to 2010, and a director at the Office of the Information and Privacy Commissioner of Alberta from 2003 to 2007.
Denham will be the first UK information commissioner to work under the European Union (EU) General Data Protection Regulation (GDPR). She will have to manage the change that it will bring to data protection in the UK, particularly for companies with dealings in the EU.
Denham will also be the first information commissioner to work under the UK government’s planned Investigatory Powers Bill that is getting ever closer to becoming law.
She may have to bring her experience in handling government in British Columbia to bear in the face of legislation that seeks controversial powers of data collection and usage.
Changes and challenges
Denham said in a statement in March 2016 that she believes the rapid pace of technological change will continue to accelerate and present challenges to information rights.
“We must ensure access to information while maintaining high standards of data protection. The ICO has a global reputation for practical, innovative and responsive regulation. I look forward to contributing to this work,” she said.
Commenting on Denham’s appointment, Graham is on record as saying he believes she will be a “great leader” of the ICO.
“I know she will continue with the approach developed by Richard Thomas and carried on by me to make sure the ICO is an effective partner in delivering information rights in the UK, and an influential voice in Europe, to achieve the benefits of the digital era while retaining citizens’ rights, privacy and respect,” he said.
Read more about the GDPR
- The staffing impact of the GDPR will be huge, with 28,000 data protection officers in Europe alone, says the International Association of Privacy Professionals.
- The European General Data Protection Regulation (GDPR) is legislation that needs to be taken seriously by business, says UK information commissioner Christopher Graham.
- EU data protection rules affect everyone, say legal experts.
- More than half of European companies do not know about the legislation planned to unify data protection laws.