Feeds

British data cops: We need greater powers and more money

You want data butt kicking, we need bigger boots - ICO

Choosing a cloud hosting partner with confidence

The UK's data privacy watchdog is lobbying for greater powers and funding after reporting a bumper workload.

The latest annual report from the Information Commissioner’s Office (ICO) (PDF) reveals that the bureau responded to a record number of data protection and freedom of information complaints in the year to April 2014.

The ICO handled 259,903 calls to its helpline and resolved 15,492 data protection complaints, a rise in both cases of over 10 per cent on the previous financial year. The ICO also dealt with 5,296 freedom of information complaints, a 12 per cent rise on FY 2012-13. In addition, the data privacy quango received 161,720 reports from people concerned about spam texts and nuisance calls.

Despite a higher workload, the ICO has seen a reduction in funding for its freedom of information-related work. Meanwhile proposed EU data protection reforms would remove the notification fee that funds the ICO’s work under the Data Protection Act.

Information Commissioner Christopher Graham said that the "troubled launch of care.data, Facebook’s research and the so-called Google 'right to be forgotten' ruling" show that "organisations' use of data is getting ever more complicated" and that the role of the independent data regulator is becoming even more important.

"Sometimes the state is itself the issue," Graham said in a statement. "When the Intelligence and Security Committee wanted to know how the Snowden revelations fitted with data protection law, it was the Information Commissioner they turned to."

Graham wants increased powers as well as a bigger budget, and some moves along these lines are already happening. For example, enforced subject access will become a criminal offence from December 2014. Enforced subject access is where individuals are forced by someone like a prospective employer to make a DPA subject access request and reveal the results to them, typically in relation to criminal conviction data. This data might include convictions considered "spent" under the Rehabilitation of Offenders Act.

Security vendors are somewhat split on whether the ICO should receive extra funding and greater powers. The ICO does not receive the cash from the fines it levies. While penalties totalling £1.97m were issued, the ICO only collected £872K thanks to a combination of early payment reductions, appeals and impairments – which it had to hand over to the Treasury's Consolidated Fund.

The ICO said its two main sources of income are the MoJ's grant in aid, which covers its FOI work, and the DP notification fee paid by organisations processing personal data in the UK, which covers its DP work.

One secure comms firm, ViaSat UK, argues the present system favours organisations with the money to make an early payment, or to mount an appeal – but with more resources, the ICO could make its cases more watertight.

Chris McIntosh, ViaSat chief exec, commented:

"With increased funding and powers, the ICO could not only make sure that penalties, financial or otherwise, match the severity of an offence. It could make its investigations even more thorough: reducing the chances of appeals and making sure that its eventual judgement is both fair and final.

“The ICO is already using its work over the past year to lobby for increased powers and funding and, quite frankly, it is right to do so. While doing the best with what it can, it is still handicapped by the fact that its resources, and the penalties available to it, are still not enough to deter many organisations," he added.

Another security vendor argued that changing data privacy practices more generally rather than prosecuting those caught foul of flouting data protection rules ought to be the ICO's main priority while acknowledging that it needs to money and manpower to handle an expanded caseload.

Simon Eappariello of iboss network security commented:

"Funding isn’t the magic bullet that will fix the data privacy issue. Whilst funding will critically give the ICO the manpower to handle the ever-growing number of complaints, personal and industry attitudes towards data need to change."

"Right now, the British public’s personal data is being thrown into a shared leaking bucket," he added. ®

Intelligent flash storage arrays

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.