UK Data Protection E-news - April 2010
The Information Commissioner’s (ICO’s) draft corporate plan for 2010-2013 says it wants to be a strong educator and enforcer. The ICO will implement the new regime of data protection civil monetary penalties promptly and proportionately. It will continue to lobby for a custodial penalty for section 55 breaches. In addition, it will ‘move towards publication of case stories to promote compliance’.
The ICO is keen to identify cases that might involve using its new powers at an early stage. More emphasis will be put on audits, and the ICO will continued to press for wider mandatory audit power in the public sector, and the introduction of such power in the private sector, to be used where non-compliance suggests it is needed.
The ICO says: “We have set up a new Good Practice department which will adopt a risk based approach to conducting audits. It will be led and staffed by trained auditors.”
“We will impose our first civil monetary penalties, in accordance with our new statutory guidance, in a timely manner and at a level that is proportionate to the breach and that commands public confidence.”
The ICO aims to close 90% of data protection complaints within three months.
The ICO plans to set up a new department that will bring together the work of the existing notification and front line operations teams and help lines. This department will aim to provide high quality answers to all telephone enquiries at first contact, and a comprehensive answer to written enquiries in a single response.
A new Code of Practice will prohibit collection of personal data from children under 12 without parental consent. The non-statutory rules, drawn up by the Committee of Advertising Practice (CAP) and the Broadcasting Committee of Advertising Practice (BCAP), will be enforced by the Advertising Standards Authority (ASA) when they come into force in September.
The new Code says that marketers must not knowingly collect from children under 12 personal information about those children for marketing without the consent of the child’s parent or guardian. It also says that marketers must not knowingly collect personal information about other people from children under 16. This amends the present Code, which does not deal with collection of data from children, although it has some other provisions to protect children under 16.
The new Code is stricter than the Direct Marketing Code of Practice of the Direct Marketing Association, which only requires parental consent for collection of personal data from children under 16. In 2007, the Information Commissioner's Office (ICO) published a Good Practice Note on Collecting Personal Information Using Websites, which referred to Trust UK, an online shopping advice service which has been discontinued, advising that parental consent was required to collect data from children under 12.
For further details on the Privacy Laws & Business UK Newsletter, please click here.
Copyright Privacy Laws & Business 2010