ICO demands better funding as data protection and FOI complaints rise

July 16, 2014

The Information Commissioner has called for stronger powers and better funding after receiving a record number of complaints about data protection and freedom of information in 2013/14.

In its annual report the ICO said it had received 14,738 data protection complaints over the 12-month period, up 7.1% on 2012/13 (13,760), with the local government and health sectors generating – after lenders – the highest number of complaints.

However, the watchdog added that it had managed to close more cases (15,492) than it received during 2013/14. The number of closures was up by 8.5%.

The ICO also saw its freedom of information and environmental casework rise during the year. It handled 5,151 complaints, up 9.9%. Again, it closed more complaints than it received.

Overall, the watchdog received 259,093 calls to its helpline, an increase of more than 10%.

In relation to its enforcement powers, the Information Commissioner issued £1.97m-worth of civil monetary penalties, seven enforcement notices and 28 undertakings.

Unveiling the report, Christopher Graham, the Information Commissioner, said the figures – together with developments such as the care.data launch, Facebook’s research and the Google ‘right to be forgotten’ ruling – showed why an independent regulator overseeing the handling of people’s personal data was needed.

“Independence means someone who’s got the resources to take on this ever-growing number of cases,” he said. “The last twelve months have been a record year – more complaints resolved than ever, more enforcement action taken and more advice given through our helpline.”

He added: “It also means having the powers to act on the more serious complaints. A strong regulator is needed if a data breach affects millions of people.

“That someone is the Information Commissioner. We’re effective, efficient and busier than ever. But to do our job properly, to represent people properly, we need stronger powers, more sustainable funding and a clearer guarantee of independence.”

Writing in the foreword to the report, Graham also argued that effective information rights regulation on the ICO model would be vital in rebuilding necessary public confidence, both in digital services, whether commercial or public sector, and in transparent and accountable government.

“The Edward Snowden revelations about state surveillance, the botched communications around care.data and access to patient records in the NHS, and the all too common foot-dragging by public authorities around the publication of ‘inconvenient truths’ about policy and performance – all these serve to make it more difficult to secure the necessary public support for the introduction of new and better ways of delivering services in the cash-strapped public sector,” he said.

The Information Commissioner added that his office needed to be able to audit “any and all” data controllers and public authorities for compliance with information rights laws.

He warned too that the mixed system of notification fees for data protection work and grant-in-aid for FOI was “becoming increasingly difficult [for the ICO] to manage”.

The ICO’s grant-in-aid had been cut by the Ministry of Justice every year since 2009, he reported, and was “simply not adequate for us to do the work we could and should be doing to promote greater efficiency and accountability in the public service”.

Calling for Parliament to progress the establishment of a single, graduated information rights levy, Graham added: “The apportionment of office overheads between the two funding streams means that we are held back from doing all we could on data protection because of the perverse impacts on our restricted freedom of information budget.

“There will in any case need to be a new means of funding our data protection work when the new EU Regulation is finally settled.”

Graham also suggested that the watchdog needed the guarantee of independence that came with a more formal relationship with Parliament that was the case at present. “We value our involvement in Whitehall policy making, but to be an effective partner the ICO must be recognised as more than just another non- departmental public body.”

The ICO’s annual report can be viewed here.