UK Information Commissioner announces new approach to improve data protection standards.
An open letter from the UK Information Commissioner on 30th June ("Open letter from UK Information Commissioner John Edwards to public authorities", ICO) set out new priorities for data protection within public authorities, including the UK Government and devolved administrations.
The revised approach is intended to raise data protection standards across the board and will centre around increased accountability on all sides. It is just one of the initiatives of the UK Information Commissioner, John Edwards, who plans to unveil more in the coming weeks as part of the wider three-year strategic vision known as ICO25.
The intention is to work with senior leaders across the public sector to encourage compliance, to reduce data breaches by identifying the most common causes, and to ensure lessons are learned. This will be achieved through a trial period of a discretionary reduction in fines, alongside more public engagement to share good practice and lessons learned.
“The powers I hold are there to act as a remedy and deterrent to data breaches, not, as is often thought, to act only as a punishment,” Mr. Edwards stated in the letter.
He added: “I am not convinced large fines on their own are as effective a deterrent within the public sector. They do not impact shareholders or individual directors in the same way as they do in the private sector but come directly from the budget for the provision of services.”
Whilst fines will still be delivered in serious cases, more emphasis will be placed on raising data protection standards from the outset and on learning from mistakes. Repercussions will instead focus on enforcement notices and on sharing details of incidents to encourage wider improvement across the sector.
The ICO is keen to state that data breaches will still be investigated in the same way, with follow-ups in place to ensure that improvements are being made. It will also ensure there is more public awareness of such incidents, allowing more public authorities to learn from each other.
In addition, the ICO has received a commitment from the UK Government to set up a cross-Whitehall senior leadership group to encourage compliance with the raised standards of data protection.
“I expect to see greater engagement from the public sector, including senior leaders, with our data protection agenda. I also expect to see investment of time, money and resources in ensuring data protection practices remain fit for the future,” Mr. Edwards added.
The trial period is expected to last two years, after which a review will be undertaken to assess whether the approach has succeeded in improving data protection standards.