Out-Law / Your Daily Need-To-Know

Tips for Christopher Graham, Britain's new privacy chief

03 Jul 2009, 2:05 pm

The new Information Commissioner has a better opportunity to make a direct connection with the public and change privacy culture in the UK than any of his predecessors, information law experts have said.

Christopher Graham has just become the UK's new Information Commissioner, replacing Richard Thomas who stepped down this week after nine years. The Information Commissioner is the person responsible for policing the Data Protection Act and the Freedom of Information (FOI) Act. Graham was previously the director general of the Advertising Standards Agency (ASA).

Graham will have stronger enforcement powers than his predecessors after the Information Commissioner's Office (ICO) was given the power to fine organisations directly for serious breaches of the data protection principles earlier this year. He will also be able to audit public bodies' data protection practices without their consent under a law going through the legislative process. "He should utilise his new powers to issue civil penalty notices which will provide an excellent opportunity to refresh the approach to enforcement, which has been the subject of some criticism in the past," said William Malcolm, a data protection expert at Pinsent Masons, the law firm behind OUT-LAW.COM. Rosemary Jay, also a data protection expert at Pinsent Masons, said that the new Commissioner will face more scrutiny than his predecessor, but will also enjoy greater public support in his work. "We think people are becoming more concerned about their personal data as they become more aware of the importance of data held about them, as well as the fact that what organisations do with data has more direct impact on access to services," she said. Malcolm said that the attention of the public is welcome, but that Graham will have to live up to the hopes of people who are increasingly aware of threats to their privacy. "Public expectations of organisations have increased and organisations have responded, but some organisations have failed to put privacy at the core of what they do and how they operate," he said. "The new Commissioner has to send a powerful message that such an approach will not be tolerated by him. He has to show that failure to respect fundamental principles will simply not be accepted by him or his office." Jay said that Graham's predecessor was successful in the way that he communicated the importance of privacy to the general public. "Richard Thomas’ success was the way he worked with the press and his ability to popularise the debate," she said. "He was also successful in stepping up enforcement action and increasing the level of public debate." Graham will have different challenges to Thomas though, she said. Now that the profile of privacy is higher than ever Graham will have to ensure that large organisations consider it every time they make major decisions. "But if he is to be considered a success in five years' time, the new Commissioner will have to have made steps towards building a commitment to privacy rights into the fabric of decision making," said Jay. "He also should have increased public engagement in the issues because recent events have shown the public can be rather effective at moving Government." Malcolm said that as Government bodies gather and share increasing amounts of personal data, it is more important than ever that the Commissioner ensures that people's privacy rights are protected. "In the public sector the drive towards data sharing, shared services and joined up working will continue to present challenges form a data sharing and governance perspective," he said. "The ICO needs to offer clear authoritive guidance in this area and needs to work with the public sector to ensure the guidance is workable. That guidance needs to to followed by clear guidance for the public on what they should expect form the public sector."