ICO to 'focus' on health sector when enforcing info rights

A breach too far?

The Information Commissioner's Office (ICO) is to give "particular regulatory attention" to health organisations as it focuses on areas most likely to result in damage to people's information rights, the watchdog has said.

The ICO, which ensures compliance with UK data protection, e-privacy and freedom of information laws, announced the priority as part of a new information rights strategy. Other areas the ICO will focus its attention on are credit and finance, criminal justice, internet and mobile services and security, the strategy said.

The ICO said that it is impossible to "address all risks to the upholding of information rights equally". It said it would make choices about the cases it would take enforcement action in based on the benefits it perceives could be achieved by doing so.

"We cannot address all risks to the upholding of information rights equally nor should we attempt to do so," the ICO said in its information rights strategy (17-page / 303KB PDF). "We will make choices where we can whilst acknowledging that the legislative framework imposes certain obligations on us particularly in relation to our casework."

"We have to recognise that there is a legitimate expectation that we will enforce the law, that the decisions we take will be robust ones and that we have to provide good customer service but this does not mean that we cannot make choices," it said. "Our choices will be driven by the external outcomes we are seeking – how can we deploy our effort and the effort of those we regulate in a way that makes the maximum long term and sustained contribution to the outcomes we are seeking and does not just provide short term fixes? Put simply – how do we deliver best value for money in the upholding of information rights?"

When choosing the cases to pursue the ICO will "take account of factors such as the volume, nature and sensitivity of information involved and the number of people whose information rights might be impacted on in any situation".

The ICO also said it would weigh up the issues that are in the public interest when prioritising its workload. The watchdog said it would take into account the importance the public places on "different aspects of information rights" and said it was prepared to adopt positions that are not "universally popular".

"We take the view that sometimes the public interest will be best served by us acting to protect the information rights of minorities or by us drawing attention to the downsides of new developments that might otherwise appear attractive," the ICO's strategy said.

Decisions on ICO intervention will also be assessed on how likely that action is "to make a real difference" where the aim will be to get "as big a return in furthering delivery of our desired outcomes as is possible for the resources we and those we regulate invest," the watchdog said. The ICO will be pro-active in attempting to prevent breaches of information rights from occurring rather than devoting resources to a "cure" when breaches happen.

"Education, awareness raising and the provision of guidance are therefore key activities for us," the strategy said.

The ICO said it would look for opportunities to "defend or promote" rights concerned with information in the public sector where bodies are supposed to be "open and accountable" with how they spend public money and in their decision making.

Priorities will "inevitably" be determined by an "element of subjective judgement involved in the assessment of information rights risks" but this judgement will be based "as far as possible" on "evidence, analysis and experience," the ICO said.

The ICO said it was committed to ensuring its activities were conducted transparently, proportionately, consistently and on a targeted basis, and said it would be accountable for its work.

Broad goals for the ICO to achieve as part of its information rights strategy include ensuring a "high proportion" of members of the public are aware of their information rights and how to exercise them and to help develop this understanding within the "formal education system".

The ICO also hopes to improve public confidence in the upholding of information rights. The strategy contains further aims to establish "a high level of awareness" within organisations of their obligations under information rights law and ensuring that those obligations are met. Organisational culture, processes and new systems should contain good practice in how information rights are complied with, the ICO said.

Information Commissioner Christopher Graham said that businesses should not cut back on data security as a result of financial pressures.

"Businesses under pressure in the downturn must be tempted to cut corners and push boundaries," Graham said in a blog post. "That’s a bad call, since the first casualty of a big data breach is going to be a brand’s reputation. Consumers will abandon companies that disrespect their privacy. (And that’s leaving aside the ICO’s power to levy a civil monetary penalty of up to £500,000 for serious breaches of the data protection principles.)"

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.
