At the 10th annual data protection compliance conference held in London, the information commissioner made clear that compulsory audits are needed in local government, the health service and the private sector. Currently, the power of the UK Information Commissioner’s Office (ICO) to conduct compulsory audits is limited to central government departments. Consent is needed from other organisations before an audit can take place.


The ICO has pointed out that the most serious data protection breaches that have attracted civil monetary penalties have occurred in the local government sector. In addition, according to the ICO, most data protection complaints are generated by businesses. Nevertheless, only a small number of businesses are willing to undergo an audit by the ICO. This reluctance means that the ICO cannot get into organisations to find out how personal data is really being handled.


The information commissioner has indicated that he is putting together a business case for the extension of his audit powers under the Coroners and Justice Act 2009.
