ICO to 'focus' on health sector when enforcing info rights

The Information Commissioner's Office (ICO) is to give "particular regulatory attention" to health organisations as it focuses on areas most likely to result in damage to people's information rights, the watchdog has said.

The ICO, which ensures compliance with UK data protection, e-privacy and freedom of information laws, announced the priority as part of a new information rights strategy. Other areas the ICO will focus its attention on are credit and finance, criminal justice, internet and mobile services and security, the strategy said.

The ICO said that it is impossible to "address all risks to the upholding of information rights equally". It said it would make choices about the cases it would take enforcement action in based on the benefits it perceives could be achieved by doing so.

"We cannot address all risks to the upholding of information rights equally nor should we attempt to do so," the ICO said in its information rights strategy (17-page / 303KB PDF). "We will make choices where we can whilst acknowledging that the legislative framework imposes certain obligations on us particularly in relation to our casework."

"We have to recognise that there is a legitimate expectation that we will enforce the law, that the decisions we take will be robust ones and that we have to provide good customer service but this does not mean that we cannot make choices," it said. "Our choices will be driven by the external outcomes we are seeking – how can we deploy our effort and the effort of those we regulate in a way that makes the maximum long term and sustained contribution to the outcomes we are seeking and does not just provide short term fixes? Put simply – how do we deliver best value for money in the upholding of information rights?"

When choosing the cases to pursue the ICO will "take account of factors such as the volume, nature and sensitivity of information involved and the number of people whose information rights might be impacted on in any situation".

The ICO also said it would weigh up the issues that are in the public interest when prioritising its workload. The watchdog said it would take into account the importance the public places on "different aspects of information rights" and said it was prepared to adopt positions that are not "universally popular".

"We take the view that sometimes the public interest will be best served by us acting to protect the information rights of minorities or by us drawing attention to the downsides of new developments that might otherwise appear attractive," the ICO's strategy said.

Decisions on ICO intervention will also be assessed on how likely that action is "to make a real difference" where the aim will be to get "as big a return in furthering delivery of our desired outcomes as is possible for the resources we and those we regulate invest," the watchdog said. The ICO will be pro-active in attempting to prevent breaches of information rights from occurring rather than devoting resources to a "cure" when breaches happen.

"Education, awareness raising and the provision of guidance are therefore key activities for us," the strategy said.

The ICO said it would look for opportunities to "defend or promote" rights concerned with information in the public sector where bodies are supposed to be "open and accountable" with how they spend public money and in their decision making.

Priorities will "inevitably" be determined by an "element of subjective judgement involved in the assessment of information rights risks" but this judgement will be based "as far as possible" on "evidence, analysis and experience," the ICO said.

The ICO said it was committed to ensuring its activities were conducted transparently, proportionately, consistently and on a targeted basis, and said it would be accountable for its work.

Broad goals for the ICO to achieve as part of its information rights strategy include ensuring a "high proportion" of members of the public are aware of their information rights and how to exercise them, and helping to develop this understanding within the "formal education system".

The ICO also hopes to improve public confidence in the upholding of information rights. The strategy contains further aims to establish "a high level of awareness" within organisations of their obligations under information rights law and ensuring that those obligations are met. Organisational culture, processes and new systems should contain good practice in how information rights are complied with, the ICO said.

Information Commissioner Christopher Graham said that businesses should not cut back on data security as a result of financial pressures.

"Businesses under pressure in the downturn must be tempted to cut corners and push boundaries," Graham said in a blog post. "That’s a bad call, since the first casualty of a big data breach is going to be a brand’s reputation. Consumers will abandon companies that disrespect their privacy. (And that’s leaving aside the ICO’s power to levy a civil monetary penalty of up to £500,000 for serious breaches of the data protection principles.)"

Copyright © 2012, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.
