Call for an inquiry on the ICO’s enforcement

A group of academics, legal practitioners and civil society representatives has written to the Science, Innovation and Technology Committee at the House of Commons with their concerns about the ICO’s performance. They call for an inquiry into ICO’s enforcement, pointing out the Information Commissioner’s shift away from enforcement in the public sector.

They mention as an example the Ministry of Defence (MoD) Afghan data breach which the ICO did not formally investigate. “The Afghan data breach is not an isolated incident, but the symptom of deeper structural failures which are emerging in the way the ICO operates,” the signatories of the letter say. They also remark that private sector enforcement is becoming a ‘rare occurrence’ at the ICO.

Regarding the Afghan case, the ICO said in July that it had taken into account the fact that MoD responded in a timely and comprehensive way, expended vast public resources to do so, and put in place measures to stop this type of incident happening again. The ICO also stressed the cost of an investigation, and the high degree of public scrutiny, to which the ICO felt it had little to add.

In October, the ICO announced that the government has now set out the measures they will take to raise information security and data protection standards.

See:

• Letter to Science, Innovation and Technology Committee
• ICO - Update on our work to raise data protection standards in the public sector