The UK Information Commissioner’s Office (ICO) has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
The ICO highlights the resource challenges it faces as a result of increasing awareness and concern for privacy rights and redress amongst both consumers and citizens as a result of the use of digital services. It cites rapid developments in cloud computing, the Internet of Things, “Open-Data” exploitation, the use of Big Data and the recent Snowden revelations of interception of communications data by security services as adding to those challenges. Additionally, the ICO sees its role as a regulator changing over the next three years as Europe moves towards a new Data Protection Regulation that will deliver greater consistency and closer relationships with other data protection authorities around the globe.
The ICO focuses on a number of broad commitments that it shall focus on to achieve its aims, including helping “organisations better understand their information rights obligations”, where it highlights the development and promotion of accreditation, trust mark and seal schemes to build the commitment of organisations to achieving good data protection practice.
Under “Enforcement”, the ICO highlights the development of an online self-reporting breach tool and use of civil monetary penalties for serious breaches of the Data Protection Act; working closely with other investigative and prosecuting authorities in prosecuting those who commit criminal offences under the Data Protection Act; using its “enforcement notice” power “where there is a significant risk to information rights” and obtaining formal undertakings from organisations where required, and “enforcing the Privacy and Electronic Communications Regulations (in particular relating to nuisance calls, SPAM texts and cookies) in a proportionate and effective way.”
The ICO’s Corporate Plan, “Looking ahead, staying ahead”, is available here.