ICO launches new data protection strategy
The Information Commissioner’s Office (ICO) is launching a consultation on its new Data Protection Strategy which sets out how the ICO intends to go about its task of minimising data protection risk. The strategy, launched at the Privacy Laws & Business 20th annual conference in Cambridge on Monday 2 July, is concerned with maximising ICO’s long term effectiveness in bringing about good practice. It explains how the ICO will focus its data protection resources on situations where there is the greatest risk of harm through improper use of personal information.
Launching the strategy, David Smith, Deputy Commissioner,said: ‘Our vision is of a society where respect for personal information is guaranteed. A society where organisations inspire trust by meeting reasonable expectations of integrity, security and fairness in the collection and use of personal information. A society where individuals understand how their information is used and are aware of their rights and are confident in using them. Our strategy is all about turning this vision into a reality’
Organisations processing people’s personal details must comply with the Principles of the Data Protection Act. Failure to comply with the Act means there is a greater risk that individuals’ personal information is not held securely, is inaccurate or out of date. The ICO will focus its attention on situations where there is a real likelihood of serious harm. This could be harm caused to individuals or to society as a whole. This risk based approach is in line with good regulatory practice.
As a strategic regulator the Information Commissioner’s Office will not simply seek to improve the behaviour of organisations that handle personal information. The ICO will also work to influence government and the legislature at Westminster and in the devolved administrations so that minimising any risk to personal information is embedded as an aim from the earliest stages of policy development.
David Smith, Deputy Commissioner, added: “Building public confidence in data protection is key in our approach. We protect people not just information. Public confidence depends on us taking a practical, down to earth approach – simplifying and making it easier for the majority of organisations who seek to handle personal information well, but making it tougher for the minority who do not.”