Christopher Graham has just become the UK's new
Information Commissioner, replacing Richard Thomas who stepped down
this week after nine years. The Information Commissioner is the
person responsible for policing the Data Protection Act and the
Freedom of Information (FOI) Act. Graham was previously the
director general of the Advertising Standards Agency (ASA).
Graham will have stronger enforcement powers than his
predecessors after the Information Commissioner's Office (ICO) was
given the power to fine organisations directly for serious breaches
of the data protection principles earlier this year. He will also
be able to audit public bodies' data protection practices without
their consent under a law going through the legislative
process.
"He should utilise his new powers to issue civil penalty
notices which will provide an excellent opportunity to refresh the
approach to enforcement, which has been the subject of some
criticism in the past," said William Malcolm, a data protection
expert at Pinsent Masons, the law firm behind OUT-LAW.COM.
Rosemary Jay, also a data
protection expert at Pinsent Masons, said that the new Commissioner
will face more scrutiny than his predecessor, but will also enjoy
greater public support in his work.
"We think people are becoming more concerned about their
personal data as they become more aware of the importance of data
held about them, as well as the fact that what organisations do
with data has more direct impact on access to services," she
said.
Malcolm said that the attention of the public is welcome, but
that Graham will have to live up to the hopes of people who are
increasingly aware of threats to their privacy.
"Public expectations of organisations have increased and
organisations have responded, but some organisations have failed to
put privacy at the core of what they do and how they operate," he
said. "The new Commissioner has to send a powerful message that
such an approach will not be tolerated by him. He has to show that
failure to respect fundamental principles will simply not be
accepted by him or his office."
Jay said that Graham's predecessor was successful in the way
that he communicated the importance of privacy to the general
public. "Richard Thomas’ success was the way he worked with the
press and his ability to popularise the debate," she said. "He was
also successful in stepping up enforcement action and increasing
the level of public debate."
Graham will have different challenges to Thomas though, she
said. Now that the profile of privacy is higher than ever Graham
will have to ensure that large organisations consider it every time
they make major decisions.
"But if he is to be considered a success in five years' time,
the new Commissioner will have to have made steps towards building
a commitment to privacy rights into the fabric of decision making,"
said Jay. "He also should have increased public engagement in the
issues because recent events have shown the public can be rather
effective at moving Government."
Malcolm said that as Government bodies gather and share
increasing amounts of personal data, it is more important than ever
that the Commissioner ensures that people's privacy rights are
protected.
"In the public sector the drive towards data sharing, shared
services and joined up working will continue to present challenges
form a data sharing and governance perspective," he said. "The ICO
needs to offer clear authoritive guidance in this area and needs to
work with the public sector to ensure the guidance is workable.
That guidance needs to to followed by clear guidance for the public
on what they should expect form the public sector."
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
