Feeds

Info Commissioner admits 'It's going to be tough'

Improving FoI compliance - with extreme prejudice

Choosing a cloud hosting partner with confidence

He can't put a figure on it, but suggests that FoI must be saving public services million of pounds every year, just in terms of rooting out expenditure that is difficult to justify.

On data protection, Graham believes that after the warning delivered by the loss of child benefit records, government is putting a lot of effort into ensuring there are no similar disasters. In addition, his office is auditing departments, has the power to carry out assessments of compliance with the Data Protection Act and, since April, has been able to use civil monetary penalties of up to £500,000 for breaches. He promises that penalties are "coming down the track shortly" which will teach organisations that the ICO "is for real and in earnest".

Winning the confidence of the patients and residents is a continuous battle for health authorities or local councils, he believes, and although a fine is a waste of money, the damage to reputation matters more. Over the coming months the ICO's attention will be turned to information sharing and a draft code on the matter, published for consultation in October, aims to help organisations make the best use of technology to deliver better services without losing public confidence.

Graham says it's important to provide good guidance and that the ICO is not just a "scowling regulator itching to impose fines".

"We are not a regulator that gets off on regulation," he states. "We want to help the vast majority who do things properly to do things even better and get stuff done, and we don't want to get in their hair.

"But we do want to get into the hair of the minority of operators who either know and don't care, or who don't take the trouble to find out what their obligations are, and make a compete mess of data protection."

The NHS appears to have particular problems with data protection, but the commissioner says that because the health service has had a "torrid time" with data breaches over the years, it now has specific obligations for reporting them. The fact that it reports a lot of breaches to the ICO does not necessarily mean it is the worst offender, however, and Graham suspects there are an awful lot of breaches going on elsewhere that he doesn't get to hear about.

"On the other hand I weep when I see headlines, as I did in the local paper the other day, 'medical records left at bus stop'. And you think, where have people been for the last five or 10 years."

He has ongoing concerns about the increasing amount of data held by the police and says that the only recent change is that the government's adviser on criminality information, Sunita Mason, supported his view that police forces had to be better at securing information.

Outsouring, offshoring and cloud computing all pose particular security threats. The commissioner argues that data controllers have to put in place the best arrangements possible so that contractors are clear about good practice and lines of responsibility.

"It's not a defence to say 'It's all very difficult and the technology ran away with me', if you can't demonstrate to me that you have taken every step to safeguard individuals' information," he maintains.

As to priorities for the coming year, he says that in addition to helping to free up more information and help organisations avoid catastrophic mistakes with other people's data, he would like his office to be more obviously independent of government.

"I would like to be in the position that the parliamentary ombudsman is in," he says. "Ann Abraham is reporting directly to Parliament, whereas the ICO reports through the Ministry of Justice.

"It would help me see off some of the swivel-eyed critics of the Information Commissioner's Office who think it's all a government plot."

By the end of the interview the weather outside is brighter, but the financial forecast is unsettled and Graham predicts that "doing more for less will be key".

How will he achieve this? "Well, I have a day tomorrow working out how we will manage that. But thinking over the next three years or so, it's going to be tough."

Christopher Graham will be among the speakers at Kable's Information Security and Identity Management in the Public Sector conference, taking place in London on 3 November.

This article was originally published at Kable.

Kable's GC weekly is a free email newsletter covering the latest news and analysis of public sector technology. To register click here.

Security for virtualized datacentres

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.