British data cops: We need greater powers and more money

You want data butt kicking, we need bigger boots - ICO

The UK's data privacy watchdog is lobbying for greater powers and funding after reporting a bumper workload.

The latest annual report from the Information Commissioner’s Office (ICO) (PDF) reveals that the bureau responded to a record number of data protection and freedom of information complaints in the year to April 2014.

The ICO handled 259,903 calls to its helpline and resolved 15,492 data protection complaints, a rise in both cases of over 10 per cent on the previous financial year. The ICO also dealt with 5,296 freedom of information complaints, a 12 per cent rise on FY 2012-13. In addition, the data privacy quango received 161,720 reports from people concerned about spam texts and nuisance calls.

Despite a higher workload, the ICO has seen a reduction in funding for its freedom of information-related work. Meanwhile proposed EU data protection reforms would remove the notification fee that funds the ICO’s work under the Data Protection Act.

Information Commissioner Christopher Graham said that the "troubled launch of care.data, Facebook’s research and the so-called Google 'right to be forgotten' ruling" show that "organisations' use of data is getting ever more complicated" and that the role of the independent data regulator is becoming even more important.

"Sometimes the state is itself the issue," Graham said in a statement. "When the Intelligence and Security Committee wanted to know how the Snowden revelations fitted with data protection law, it was the Information Commissioner they turned to."

Graham wants increased powers as well as a bigger budget, and some moves along these lines are already happening. For example, enforced subject access will become a criminal offence from December 2014. Enforced subject access is where individuals are forced by someone like a prospective employer to make a DPA subject access request and reveal the results to them, typically in relation to criminal conviction data. This data might include convictions considered "spent" under the Rehabilitation of Offenders Act.

Security vendors are somewhat split on whether the ICO should receive extra funding and greater powers. The ICO does not receive the cash from the fines it levies. While penalties totalling £1.97m were issued, the ICO only collected £872K thanks to a combination of early payment reductions, appeals and impairments – which it had to hand over to the Treasury's Consolidated Fund.

The ICO said its two main sources of income are the MoJ's grant in aid, which covers its FOI work, and the DP notification fee paid by organisations processing personal data in the UK, which covers its DP work.

One secure comms firm, ViaSat UK, argues the present system favours organisations with the money to make an early payment, or to mount an appeal – but with more resources, the ICO could make its cases more watertight.

Chris McIntosh, ViaSat chief exec, commented:

"With increased funding and powers, the ICO could not only make sure that penalties, financial or otherwise, match the severity of an offence. It could make its investigations even more thorough: reducing the chances of appeals and making sure that its eventual judgement is both fair and final.

"The ICO is already using its work over the past year to lobby for increased powers and funding and, quite frankly, it is right to do so. While doing the best with what it can, it is still handicapped by the fact that its resources, and the penalties available to it, are still not enough to deter many organisations," he added.

Another security vendor argued that changing data privacy practices more generally, rather than prosecuting those caught flouting data protection rules, ought to be the ICO's main priority, while acknowledging that it needs the money and manpower to handle an expanded caseload.

Simon Eappariello of iboss network security commented:

"Funding isn’t the magic bullet that will fix the data privacy issue. Whilst funding will critically give the ICO the manpower to handle the ever-growing number of complaints, personal and industry attitudes towards data need to change."

"Right now, the British public’s personal data is being thrown into a shared leaking bucket," he added. ®
