Home Office promises proactive powers for info commissioner
Surveillance to police the surveillance society
Agentless Backup is Not a Myth
The Home Office has promised to give the Information Commissioner powers to make spot inspections on people's databases to determine if they have complied with the Data Protection Act.
Reporting to the first hearing of the Home Office Select Committee into the surveillance society today, Information Commissioner Richard Thomas said: "The Home Office have accepted in principle that we should have the power to go in and inspect.
"We have got the government to agree we should have that power - if not in the statute, in the code of practice," he said.
However, he later told the hearing that though his office had been lobbying the Home Office, the Lord Chancellor, and the Department of Constitutional Affairs, he still couldn't be sure he would actually get inspection powers.
"They smile and say they will do it when they can, but we haven't yet had a firm commitment that they will change the law," he said, adding that the European Commission had also waded in to support the idea.
Thomas said his office's brief presently required it to get the consent of the data controller before inspecting someone's data to assess whether it was fairly managed - unless it had enough evidence of criminal behaviour to get a judge to sign a warrant.
He was unhappy that while other regulators were allowed to make spot inspections, he wasn't: "To know that the regulator can step in has a very sharp deterrent effect on organisations."
Thomas said it had also "been broadly accepted" that he would regulate public sector access to private sector databases.
"We need a framework to make sure the legitimate purposes of the police and law enforcement bodies are served by accessing this data, that it's not a free for all - they can go and and look at everyone's data and just make merry with it - it's got to be proportionate, for a defined purpose," he said. ®
COMMENTS
take model of the french HALD
Although not leaving in the UK, I follow the school fingerprints scandal, and I have to say, given the current ICO behaviour in all that, giving him any more powers (yes, it's largely needed) won't change anything.
The guy (or his office, can't recall) has basically stated, on school fingerprinting, "Too late, it's done, can't do nothing", which has been reported by El Reg. How can it be anything but bollocks to give any proactive powers to such a moron ?
The UK gov. would be well advised to take the model of the french HALD (Haute Autorite de la Lutte contre les Discriminations) which, even with a probably lower budget, manages to sue people for skin color (and other) discriminations, and gradually change minds (yeah, I know, still a long way).
It works because the boss is good and they have control powers.
The ICO will have to find a boss first, then get control powers.
Without that, it will be, as others above have posted, a waste of space.
It depends on the people running it
And whether they posses backbones.
Sometimes, and I'll happily admit - not often, people working for these quangos do take their jobs seriously.
They do want to make sure that the oversight they've been tasked with is carried out.
Obviously you hit on one of the reasons things don't happen as they should - adequate resources.
The other main problem is that of authority. If the quango has no authority, it can't do much of anything except complain - much like the various organizations that complain about proposed European legislation violating privacy rights. They do what they can by bringing things to the attention of the public, but without any authority or laws to back them up nothing ever happens.
The chances are that no real powers of investigation and no power to dish out sanctions to those that violate the law will be given by a government so intent on turning Britain into a police state.
You have to wonder at what these people are thinking when they run for office. What is it that parents do to them as children that turns them into selfish, greedy, paranoid bastards - with great public speaking skills?
"I know, although my job is to represent those that voted for me, what I'll do instead is assume every one of them is a terrorist - and if I make a few quid from businesses that profit from the bills I pass into law, everybody wins - well everyone except the people that voted for me."
And of course...
This will also apply to Government databases etc, won't it?
After all, the Data Protection Act says that:
"Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes." and...
"Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed." and...
"Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes."
etc etc.
http://www.opsi.gov.uk/acts/acts1998/80029--l.htm
So if, say, a Government or Police Force was holding data on a large number of citizens and decided to introduce ID cards or a National Identity Register or a DNA Database (including people who'd not been convicted of a crime)...
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Cloud based data management
Enabling efficient data center monitoring
Agentless Backup is Not a Myth
