Greetings from Brussels!
For only the second time since taking up her post as the new head of the U.K. Information Commissioner’s Office, Elizabeth Denham spoke publically at the London KNET meeting this week hosted by Citi. A fireside chat session with London’s IAPP Co-chairs Vivienne Artz and John Bowman gave some interesting insights into the ICO’s new “commander in chief.” Denham is very much an established privacy pro in her own right, having worked in the field for over 20 years. Working first with a Canadian health authority, and then in the private sector before taking on two provincial roles and a federal role before serving since 2010 as the information and privacy commissioner for the province of British Columbia, Canada, before taking on her new role this summer.
I like her style — thoughtful in her responses, one can’t help but feel she will put her own individual stamp on the ICO with character in a refreshing way, and with a strong dimension and sense of international leadership. She was quite open, stating that when she accepted the job before 23 June — Brexit Day — she didn’t quite expect the complexity now facing the U.K. and the ICO in light of the uncertainty around what Brexit might bring. Asked about her motivations for taking the job, she was equally open on that score, citing the ICO’s long standing traditions of working in tandem with business while advising public authorities and agencies. She clarified her thought process on the role of the ICO for the future, emphasizing a pragmatic and proactive approach to facilitation with both business and the public sector.
Talking about ICO priorities for the next years, Commissioner Denham spoke about the general need for businesses to be more data protection- and security-savvy; network security is clearly becoming increasingly an important priority for the U.K. business environment. It is interesting that despite U.K. businesses doubling expenditure on security budgets in recent times, as noted in PwC’s annual Global State of Information Security Survey 2017, companies are still largely in the dark as to how many cyberattacks are hitting their businesses. Nearly a fifth of companies surveyed admitted to not knowing how many cyberattacks they experienced last year and 17 percent of all respondents were unaware of the likely source of data breaches and security incidents. Commissioner Denham would like to see these considerations treated with greater attention in the boardrooms of companies, not just in IT departments; the issues of data protection and data security are becoming more pivotal and strategic in nature in a prevalently digital economy. To meet the demands of the tech age, Commissioner Denham would like to augment the ICO’s technology expertise, and she will be looking to reinforce the office’s resources to extend that particular capacity.
Wednesday was indeed a busy day for Denham and the ICO, as telecom company TalkTalk was issued a record fine of 400,000 GBP for security failings that allowed a cyberattacker to access customer data “with ease.” A significant enforcement statement under Denham’s new leadership, she said that companies must be “diligent and vigilant,” they must do this not only because they have a duty under law, but because “they have a duty to their customers.”
On Europe, there is still much to iron out in light of the potential post-Brexit data protection and privacy environment. Commissioner Denham attended her first WP29 meeting last week in Brussels and as the largest individual member of that group, the ICO office continues to dialogue with its EU counterparts on shaping guidance matters and life under the GDPR and the eventual EDPB. Until further notice, it is very much a case of “business as usual,” Denham said, stating that GDPR compliance where relevant is advisable. Her advice is one of common and sound sense; companies need to establish accountability and good governance in times of uncertainty.
On the domestic front, the ICO continues to analyze the impact of possible scenarios as a result of Brexit, but nothing is set in stone. The ICO remains engaged in multiple ongoing consultations with the Department of Culture, Media and Sport and other U.K. departments to determine the best approach for the U.K. industry. One thing for sure is that, in the years to come, Commissioner Denham and her staff will be engaged in sensitive and diplomatic discussions as they navigate the changes to the political landscape, both at home and on the international stage.
If you want to comment on this post, you need to login.