GLD Vacancies

Extend compulsory data protection audits to local government and NHS, says ICO

The Information Commissioner is to prepare the business case for extending compulsory audit powers to local government, the NHS and the private sector in a bid to ensure compliance with data protection laws.

The ICO currently only has compulsory audit powers over central government departments. In all other cases it requires consent before being able to conduct an audit.

Speaking at the 10th annual data protection compliance conference in London, Christopher Graham said: “Something is clearly wrong when the regulator has to ask permission from the organisations causing us concern before we can audit their data protection practices. Helping the healthcare sector, local government and businesses to handle personal data better are top priorities, and yet we are powerless to get in there and find out what is really going on.

“With more data being collected about all of us than ever before, greater audit powers are urgently needed to ensure that the people handling our data are doing a proper job. I am preparing the business case for the extension of the ICO’s Assessment Notice powers under the Coroners and Justice Act 2009 to these problematic sectors.”

Graham’s comments came as the ICO reported that 19 out of the 47 undertakings it had agreed since April this year involved the healthcare sector.

The ICO also revealed that businesses remained the sector generating the most data protection complaints. However, less than one in five companies contacted by the watchdog accepted an offer of undergoing an audit.

The watchdog said it had written to 29 banks and building societies, but only six had agreed to an audit. There was a similar reluctance in the insurance sector as well, with only two out of 19 insurance companies accepting the ICO’s offer.

The Information Commissioner told the conference that the overall number of new data protection complaints was up by 2% compared to the same period last year. The number of freedom of information complaints has also risen by 5%.