UK ICO reviews achievements over 2015/16
The UK Information Commissioner’s Office has issued its annual report covering its work and process over the past financial year. As a new Commissioner takes the driving seat of this organisation for the next 5 years, the ICO’s immediate focus with UK Government will be taken up in qualifying and understanding the impacts of the intended data protection reform process following the EU Referendum result.
The UK ICO seems to be adamant that the various elements of the intended reform process remain an important necessity, along with the need for a realistic level of international consistency of standards and practices and collaboration to meet the challenges of cross-border risks, technology and the consequent globalisation of many businesses. Of course, a new data protection framework, in the form of an updated EU Directive and further new and ancillary Regulations, currently remains on schedule to be applied across the EU during May 2018.
Amongst the key statistics and performance analysis has been the issue of financial penalties exceeding £2m against firms for data protection breaches and failures, over an active period and against a total net operational expenditure of just >£5m. During the report period >160k concerns related to the Privacy and Electronic Communications Regulations (‘PECR’) were received in respect of nuisance calls and marketing practices, with >16k specific data protection cases (an increase of some 15% on the 2014/15 figures) being raised for investigation. As the UK ICO works to protect data privacy from misuse and also to enforce information rights, it seeks to ensure individual personal data and sensitive information is held and managed in a suitably responsible, transparent and secure manner.
At the beginning of 2016 the ICO also issued a new data protection self-assessment tool designed for small-medium businesses (SMEs) to identify and begin to articulate and apply an objective, proportionate and risk-based approach to managing and mitigating realistic exposures. This was followed by updated guidance on practical data and hardware encryption measures and standards, as well as important revised guidance in the wake of a European legal ruling affecting how organisations need to control and oversee activities involving any international transfers or sharing of relevant data or information.
Looking forward, the ‘change’ issues arising from the EU Referendum (and the ensuing political instability too) will now inevitably be a fundamental priority of risk concern for the ICO and its new senior management.