Feeds

Info Commissioner admits 'It's going to be tough'

Improving FoI compliance - with extreme prejudice

The Essential Guide to IT Transformation

He can't put a figure on it, but suggests that FoI must be saving public services million of pounds every year, just in terms of rooting out expenditure that is difficult to justify.

On data protection, Graham believes that after the warning delivered by the loss of child benefit records, government is putting a lot of effort into ensuring there are no similar disasters. In addition, his office is auditing departments, has the power to carry out assessments of compliance with the Data Protection Act and, since April, has been able to use civil monetary penalties of up to £500,000 for breaches. He promises that penalties are "coming down the track shortly" which will teach organisations that the ICO "is for real and in earnest".

Winning the confidence of the patients and residents is a continuous battle for health authorities or local councils, he believes, and although a fine is a waste of money, the damage to reputation matters more. Over the coming months the ICO's attention will be turned to information sharing and a draft code on the matter, published for consultation in October, aims to help organisations make the best use of technology to deliver better services without losing public confidence.

Graham says it's important to provide good guidance and that the ICO is not just a "scowling regulator itching to impose fines".

"We are not a regulator that gets off on regulation," he states. "We want to help the vast majority who do things properly to do things even better and get stuff done, and we don't want to get in their hair.

"But we do want to get into the hair of the minority of operators who either know and don't care, or who don't take the trouble to find out what their obligations are, and make a compete mess of data protection."

The NHS appears to have particular problems with data protection, but the commissioner says that because the health service has had a "torrid time" with data breaches over the years, it now has specific obligations for reporting them. The fact that it reports a lot of breaches to the ICO does not necessarily mean it is the worst offender, however, and Graham suspects there are an awful lot of breaches going on elsewhere that he doesn't get to hear about.

"On the other hand I weep when I see headlines, as I did in the local paper the other day, 'medical records left at bus stop'. And you think, where have people been for the last five or 10 years."

He has ongoing concerns about the increasing amount of data held by the police and says that the only recent change is that the government's adviser on criminality information, Sunita Mason, supported his view that police forces had to be better at securing information.

Outsouring, offshoring and cloud computing all pose particular security threats. The commissioner argues that data controllers have to put in place the best arrangements possible so that contractors are clear about good practice and lines of responsibility.

"It's not a defence to say 'It's all very difficult and the technology ran away with me', if you can't demonstrate to me that you have taken every step to safeguard individuals' information," he maintains.

As to priorities for the coming year, he says that in addition to helping to free up more information and help organisations avoid catastrophic mistakes with other people's data, he would like his office to be more obviously independent of government.

"I would like to be in the position that the parliamentary ombudsman is in," he says. "Ann Abraham is reporting directly to Parliament, whereas the ICO reports through the Ministry of Justice.

"It would help me see off some of the swivel-eyed critics of the Information Commissioner's Office who think it's all a government plot."

By the end of the interview the weather outside is brighter, but the financial forecast is unsettled and Graham predicts that "doing more for less will be key".

How will he achieve this? "Well, I have a day tomorrow working out how we will manage that. But thinking over the next three years or so, it's going to be tough."

Christopher Graham will be among the speakers at Kable's Information Security and Identity Management in the Public Sector conference, taking place in London on 3 November.

This article was originally published at Kable.

Kable's GC weekly is a free email newsletter covering the latest news and analysis of public sector technology. To register click here.

The Essential Guide to IT Transformation

More from The Register

next story
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Government's 'Google Review' copyright rules become law
Welcome in a New Era ... of copyright litigation
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.