Back in February, the Information Commissioner’s Office issued its first practice recommendation under the Freedom of Information Act 2000 against Nottingham City Council for failing to have adequate procedures in place for the implementation of the Act.
And last month it published details of enforcement action taken against 11 organisations for failure to dispose of personal data in accordance with the 7th principle (obligation to put in place adequate security for personal data) of the Data Protection Act 1998. Each organisation had to give a written undertaking, detailing the nature of the various breaches, to the ICO, stating that they will comply with the DPA.
And we have already reported on the government’s approval for the ICO’s plan to impose custodial sentences for obtaining data unlawfully.
A taste of things to come? The ICO has been promising for some time to step up enforcement action, and it seems that it is beginning to live up to this promise. If nothing else, it is also clear that the ICO’s tactic of targetting high profile offenders is also bearing fruit. Both peices of legislation are often criticised for being toothless, and whilst neither of these steps have resulted in any prosecutions or fines, I think they are likely to be the first steps in a gradual increase in enforcement proceedings.
That being said, those organisations required to give undertakings had already been “outed” in the mainstream media, and it still remains that one of the biggest drivers towards DPA and FOIA compliance are the adverse publicity that breaches bring, and for DPA, the growing insistence by consumers that their data be handled securely and fairly.
1 comment so far ↓
[…] the Information Commissioner’s Office seems to be keen to show that it intends on keeping up momentum when it comes to enforcing the […]
Leave a Comment