MPs call for more investigatory powers for ICO

Written by Rebecca Hill on 21 June 2016 in News

The Information Commissioner’s Office should have greater powers to audit local government and health organisations, MPs have said.

The House of Commons Culture, Media and Sport Committee’s report into cyber security and the protection of personal data online says that the ICO’s powers of non-consensual audits should be extended.

“The ICO should have additional powers of non-consensual audit, notably for health, local government and potentially other sectors,” the report stated.

The committee’s inquiry was launched following a cyber-attack on TalkTalk that saw the release of customer data, but the inquiry also aimed to assess cyber-security more generally.

The committee noted that many data breaches occur outside of the private sector, citing ICO research that shows the health sector has the most data breaches, followed by local government.

It adds that a number of breaches are not caused by external actors, but come from staff, contractors or suppliers – either intentionally or accidentally.

A further recommendation is that organisations should proactively demonstrate what they are doing to tackle cybersecurity threats.

Those holding large amounts of personal data – including those holding information on taxpayers and patients – should report annually to the ICO on staff cyber-awareness training, auditing of security processes, incident management plans, guidance for suppliers, and the number of attacks they know about.

In addition, the committee said that, although the ICO did not complain about a lack of capacity when it gave evidence, “it seems evident that 30 enforcement staff are not enough to handle 1,000 cases and almost 12,000 public concerns a year”.

As such, the committee recommended that the information commissioner make an assessment of resources and priorities “as soon as possible”.

The ICO should also be given more power to hike up fines and offer incentives for early reporting of a breach, the report said.
