The report of the Information Commissioner's Office (ICO) was launched on Thursday 5 July. The report shows at a glance what the ICO has been doing over the 12 months to 31 March. Announcing the release of the report, the information commissioner took the opportunity to highlight the fact that the ICO has "bared its teeth" with the imposition of 10 civil monetary penalties, totaling £861,000, during the last financial year. According to the report, there was a 43-percent increase in complaints under the revised Privacy and Electronic Communications Regulations, with 83 percent of the complaints relating to unsolicited texts and phone calls. At the launch of the report, the information commissioner made clear that the ICO will be pursuing senders of unsolicited texts who are in clear breach of the updated rules under these regulations. He also indicated that the ICO will take "appropriate and proportionate enforcement action" over the coming months if organisations cannot show that they are taking reasonable steps to comply with the new cookie rules. The report also highlights the work undertaken by the ICO in relation to its data protection audit programme. According to the report, there were 42 audits completed, an increase of 60 percent over the previous year. Over one-quarter of these audits were undertaken within private-sector organizations, 24 percent with central government departments and 38 percent with NHS trusts and local authorities. However, the report indicates that the ICO will continue to seek compulsory audit powers in respect of the NHS and local government sector.
ICO invites responses on the use of privacy impact assessments
Following the proposal in the draft EU Data Protection Regulation to make privacy impact assessments compulsory in certain circumstances, the ICO has published a questionnaire on the use of such assessments. The ICO is seeking input from organisations about their experiences of using privacy impact assessments in practice. According to the ICO, the objective of doing so is to use the evidence collected to try to influence the legislative process so that privacy impact assessments will be effective in practice in the future.
ICO releases a new IT security guide for small businesses
The ICO has released a new guide, the aim of which is to provide practical advice to small businesses in the area of IT security. In it, the ICO highlights the downsides of breaching the security requirements of the UK Data Protection Act 1998, namely, a possible fine of up to £500,000 in serious cases and reputational damage. The guide advocates undertaking a risk assessment as the first step towards compliance. It also suggests using a layered approach to security so that if one layer fails, then the other layers provide a safety net. The guide includes a checklist for taking a layered approach to security. It also provides more in-depth advice in certain areas.
