Accessibility Links

UK data protection policy 'not strong enough'

Posted by: Laurence Simons 11/04/13

In-house lawyers will be well aware of the Information Commissioner's Office (ICO), a governmental offshoot set up to keep a beady eye on how public organisations and private companies adhere to data protection law with the power to fine those that fail to meet their obligations.

The ICO was set up by the Conservative government almost 30 years ago, in a simpler time when mobile phones were still too large to carry in a jacket pocket and computers were more like glorified typewriters than terrifying brain-robots.

According to an academic, this could mean that the body is woefully unequipped to cope with the problems of data protection that have arisen in the last decade.

Dr Karen McCullagh of the University of East Anglia has launched a study into the effectiveness of the ICO and how it is likely to develop in the future as the world of information security becomes increasingly convoluted.

"My analysis of the regulator's investigative and enforcement powers demonstrates that they have been, and continue to be, lamentably weak and ineffective," Dr McCullagh, who is affiliated with the university's law school, declared.

Given the importance placed on data security and the possibility that the EU is to introduce new regulations into this area over the coming years, it is clear that a strong and well-managed ICO would be helpful for businesses keen to know where they stand.

"If the proposed EU regulation is implemented in its current form, the ICO will face a budgetary shortfall of £42.8m - an issue the UK government has yet to address, even though it will seriously impede the effectiveness of the regulator," added Dr McCullagh.

Ultimately, whatever happens with the ICO, it is crucial that general counsel ensure adequate safeguards and controls are in place to keep personal data secure within an organisation.