MPs call for more investigatory powers for ICO

Written by Rebecca Hill on 21 June 2016 in News

The Information Commissioner’s Office should have greater powers to audit local government and health organisations, MPs have said.

The committee has called for the authority to be given more powers of investigation - Photo credit: Flickr, theilr

The House of Commons Culture, Media and Sport Committee’s report into cyber security and the protection of personal data online says that the ICO’s powers of non-consensual audits should be extended.

“The ICO should have additional powers of non-consensual audit, notably for health, local government and potentially other sectors,” the report stated.

Related content

Councils sidelining information governance teams, says ICO
ICO survey: 36% of public trust government to protect their data

The committee’s inquiry was launched following a cyber-attack on TalkTalk that saw the release of customer data, but the inquiry also aimed to assess cyber-security more generally.

The committee noted that many data breaches occur outside of the private sector, citing ICO research that shows the health sector has the most data breaches, followed by local government.

It adds that a number of breaches are not the cause of external actors, but come from staff, contractors or suppliers – either intentionally or accidentally.

A further recommendation is that organisations should proactively demonstrate what they are doing to tackle cybersecurity threats.

Those holding large amounts of personal data – including those holding information on taxpayers and patients – should report annually to the ICO on staff cyber-awareness training, auditing of security processes, incident management plans, guidance for suppliers, and the number of attacks they know about.

In addition, the committee said that, although the ICO did not complain about a lack of capacity when it gave evidence, “it seems evident that 30 enforcement staff are not enough to handle 1,000 cases and almost 12,000 public concerns a year”.

As such, the committee recommended that the information commissioner make an assessment of resources and priorities “as soon as possible”.

The ICO should also be given more power to hike up fines and offer incentives for early reporting of a breach, the report said.

Share this page




Please login to post a comment or register for a free account.

Related Articles

DCMS seeks social media monitoring firm to help ‘build comprehensive picture of misinformation’
8 April 2022

Department floats 10-month contract worth half a million pounds

Ransomware: Cabinet minister sounds alarm over ‘greatest cyberthreat to the UK’
16 May 2022

Steve Barclay urges greater reporting of attacks

Nuclear clean-up agency seeks £2m-a-year partner to help improve cyber-resilience
11 May 2022

Specialist firm sought to help identify areas where security could be bolstered

Big chill: Bank of England awards six-figure direct deal to cool datacentres at note-printing hub
10 May 2022

Contract for chillers at Essex site signed without competitive process