MPs call for more investigatory powers for ICO

Written by Rebecca Hill on 21 June 2016 in News

The Information Commissioner’s Office should have greater powers to audit local government and health organisations, MPs have said.

The committee has called for the authority to be given more powers of investigation - Photo credit: Flickr, theilr

The House of Commons Culture, Media and Sport Committee’s report into cyber security and the protection of personal data online says that the ICO’s powers of non-consensual audits should be extended.

“The ICO should have additional powers of non-consensual audit, notably for health, local government and potentially other sectors,” the report stated.




The committee’s inquiry was launched following a cyber-attack on TalkTalk that saw the release of customer data, but the inquiry also aimed to assess cyber-security more generally.

The committee noted that many data breaches occur outside of the private sector, citing ICO research that shows the health sector has the most data breaches, followed by local government.

It added that a number of breaches are not caused by external actors, but come from staff, contractors or suppliers – either intentionally or accidentally.

A further recommendation is that organisations should proactively demonstrate what they are doing to tackle cybersecurity threats.

Those holding large amounts of personal data – including those holding information on taxpayers and patients – should report annually to the ICO on staff cyber-awareness training, auditing of security processes, incident management plans, guidance for suppliers, and the number of attacks they know about.

In addition, the committee said that, although the ICO did not complain about a lack of capacity when it gave evidence, “it seems evident that 30 enforcement staff are not enough to handle 1,000 cases and almost 12,000 public concerns a year”.

As such, the committee recommended that the information commissioner make an assessment of resources and priorities “as soon as possible”.

The ICO should also be given more power to hike up fines and offer incentives for early reporting of a breach, the report said.
