The Information Commissioner’s Office (ICO) has launched a consultation on its new Data Protection Strategy, which sets out how it intends to regulate itself and minimise risks to data.
The strategy, which was announced at the Privacy Laws & Business annual conference in Cambridge, is concerned with maximising the ICO’s long term effectiveness in good practice.
The ICO is an independent body that is responsible for the access to and protection of information as well as lobbying for information protection laws. The draft explains how the ICO will focus its data protection resources on situations where there is a high risk of harm through improper use of personal information.
David Smith, deputy commissioner at the ICO, said at the launch that he wanted organisations to “inspire trust by meeting reasonable expectations of integrity, security and fairness in the collection and use of personal information”, and for individuals to “understand how their information is used and [be] aware of their rights”.
Any UK organisation processing people’s personal details is obliged to comply with the principles of the Data Protection Act, which the ICO enforces. The principles include making it illegal to obtain, disclose or procure the disclosure of personal information without the consent of the organisation holding the data, to fairly and accurately process data for relevant means, and to keep data secure.
Last month, the ICO found retailer Littlewoods and mobile phone provider Orange guilty of breaching the Data Protection Act, and ordered both companies to sign a declaration that they would better protect their customer data. In March, it said 11 banks had breached the code by dumping customer records in rubbish bins outside their premises. But concerns have been raised that the watchdog is unable to take tougher action than simply administering a warning.