UK Data Protection E-news - February 2010

  1. ICO consults on how it plans to conduct audits

1. ICO consults on how it plans to conduct audits

The ICO has today issued for consultation a draft code, which explains how the Commissioner intends to use his extended data protection audit powers available under the Coroners and Justice Act of 2009 (expected to be in force 6 April). Compulsory audits will first apply to Government departments, but it is likely that the power will be extended in the future to cover the rest of the public sector and some private sector companies.

Following the consultation, the ICO will publish a Code of Practice for Assessment Notices in April 2010. The Code will explain how audits will be conducted when an Assessment Notice has been served on an organisation.

Organisations will be able to check initial audit report findings and recommendations, and comment on them. The draft says: ‘A draft report will initially be presented to the data controller to enable them to comment on the factual accuracy of the report and to highlight any information pertinent to the report which might have been omitted. The data controller will be requested to comment on the recommendations and identify who should act on them. The Information Commissioner will attempt to address any issues identified by the data controller’s comments and update the audit report as appropriate.’

Responses are sought by 24 March 2010. 

Read more about this topic in the next PL&B UK Newsletter, to be published at the end of March.

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2010