PL&B UK E-news, Issue 67

1. Information Commissioner calls for criminal sanctions, audit power and security breach notification

The Information Commissioner, Richard Thomas, is calling for a review of the data protection law. Thomas, giving evidence at the House of Commons Justice Committee on 4 December, said that there is a need for data security breach notification. Reaffirming his opinion put to the House of Lords Science and Technology Committee in August, Thomas said his initial view is that notifications should be made both to the ICO and the affected individuals, but only in serious data breach cases.

Thomas also demands a criminal offence to be created for data controllers who knowingly or recklessly fail to comply with the data protection principles. Controllers could avoid such sanctions if they can demonstrate in their defence that they have exercised all due diligence.

The Commissioner also asks for increased inspection powers, to which Gordon Brown, the Prime Minister, has responded positively (PL&B UK Newsletter November 2007 p.1). The Commissioner hopes that a power to conduct audits without the data subject’s consent will be included as an amendment to the Data Protection Act later in this Parliamentary session, when the House of Commons will debate the Governance of Britain Bill.

2. ICO launches handbook on how to conduct privacy impact assessments

Privacy Impact Assessments (PIAs) assist organisations in addressing the privacy risks before implementing new initiatives and technologies, and improve public confidence in organisations’ data processing. The ICO is lobbying for PIAs to be made mandatory in some cases, and hopes that there will soon be a Parliamentary recommendation on their use.

The Information Commissioner’s Office (ICO) launched, on 11 December, its handbook on how to conduct PIAs. The handbook is available as an electronic version on the ICO website

PL&B provides consultancy services on conducting PIAs.

There will be a fuller report on the advantages of PIAs and how to conduct one in the February issue of the PL&B UK newsletter.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2007