Info Commissioner admits 'It's going to be tough'

Improving FoI compliance - with extreme prejudice

He can't put a figure on it, but suggests that FoI must be saving public services millions of pounds every year, just in terms of rooting out expenditure that is difficult to justify.

On data protection, Graham believes that after the warning delivered by the loss of child benefit records, government is putting a lot of effort into ensuring there are no similar disasters. In addition, his office is auditing departments, has the power to carry out assessments of compliance with the Data Protection Act and, since April, has been able to use civil monetary penalties of up to £500,000 for breaches. He promises that penalties are "coming down the track shortly" which will teach organisations that the ICO "is for real and in earnest".

Winning the confidence of patients and residents is a continuous battle for health authorities or local councils, he believes, and although a fine is a waste of money, the damage to reputation matters more. Over the coming months the ICO's attention will turn to information sharing, and a draft code on the matter, published for consultation in October, aims to help organisations make the best use of technology to deliver better services without losing public confidence.

Graham says it's important to provide good guidance and that the ICO is not just a "scowling regulator itching to impose fines".

"We are not a regulator that gets off on regulation," he states. "We want to help the vast majority who do things properly to do things even better and get stuff done, and we don't want to get in their hair.

"But we do want to get into the hair of the minority of operators who either know and don't care, or who don't take the trouble to find out what their obligations are, and make a complete mess of data protection."

The NHS appears to have particular problems with data protection, but the commissioner says that because the health service has had a "torrid time" with data breaches over the years, it now has specific obligations for reporting them. The fact that it reports a lot of breaches to the ICO does not necessarily mean it is the worst offender, however, and Graham suspects there are an awful lot of breaches going on elsewhere that he doesn't get to hear about.

"On the other hand I weep when I see headlines, as I did in the local paper the other day, 'medical records left at bus stop'. And you think, where have people been for the last five or 10 years."

He has ongoing concerns about the increasing amount of data held by the police and says that the only recent change is that the government's adviser on criminality information, Sunita Mason, supported his view that police forces had to be better at securing information.

Outsourcing, offshoring and cloud computing all pose particular security threats. The commissioner argues that data controllers have to put in place the best arrangements possible so that contractors are clear about good practice and lines of responsibility.

"It's not a defence to say 'It's all very difficult and the technology ran away with me', if you can't demonstrate to me that you have taken every step to safeguard individuals' information," he maintains.

As to priorities for the coming year, he says that in addition to helping to free up more information and helping organisations avoid catastrophic mistakes with other people's data, he would like his office to be more obviously independent of government.

"I would like to be in the position that the parliamentary ombudsman is in," he says. "Ann Abraham is reporting directly to Parliament, whereas the ICO reports through the Ministry of Justice.

"It would help me see off some of the swivel-eyed critics of the Information Commissioner's Office who think it's all a government plot."

By the end of the interview the weather outside is brighter, but the financial forecast is unsettled and Graham predicts that "doing more for less will be key".

How will he achieve this? "Well, I have a day tomorrow working out how we will manage that. But thinking over the next three years or so, it's going to be tough."

Christopher Graham will be among the speakers at Kable's Information Security and Identity Management in the Public Sector conference, taking place in London on 3 November.

This article was originally published at Kable.
