The past year in data protection, and some hints for the future.
It’s been a busy year for the information commissioner’s office (ICO), as its shown in its 2013-2014 report released this week. With data protection only becoming more important as time goes on, here are the eight things you need to know about the British agency responsible for it:
1) It was the ICO’s busiest year yet
As is to be expected when data is becoming more and more important in our lives, both the complaint casework received and finished by the ICO went up this year, by 7.1% and 8.5% respectively.
On freedom of information requests, the office’s other duty, the casework received and finished also increased, this time by 9.9% and 11.9% respectively.
2) Most complaints still concern the government
The ICO has sole responsibility for dealing with UK government bodies, and unsurprisingly this amounts to three-quarters of complaints, with a quarter related to central government while half concerns local government.
When it comes to breaches by multinational companies, the information has to be processed largely within the UK for it to fall within the ICO’s remit. Companies based in France or Germany have to be dealt with by their respective data protection agencies.
3) The office itself suffered a breach
This year the ICO admitted that the office itself had suffered "one non-trivial security incident". Once discovered it was treated as a self-reported breach, with the data privacy investigator investigating itself as it would anyone else, as well as conducting a separate internal inquiry.
It decided that the chances of "damage or distress" to any of the unnamed subjects was low, thus not meeting the "serious breach" barrier for a fine. The admission will likely prompt questions over whether the watchdog is fit to investigate itself.
4) Funding fell as fees rose
Like many government departments right now the ICO is facing cuts to its funding, the fifth year in a row since information commissioner Christopher Graham took on the job. Funding from a Ministry of Justice grant fell to £4m in 2013-2014, with income with fees from registered members coming to £16.5m, an increase of about half a million from the previous year.
5) The ICO is still prosecuting people for not registering
Registration with the ICO comes pretty cheap, with small companies charged £35 while companies with a turnover of £25.9m and 250 or more employees pay £500. Yet Simon Entwisle, director of operations, reported that they were still taking companies to court for refusing to pay, sometimes resulting in fines of £2,000.
6) It believes (partially) in "the right to be forgotten"
Within the British press the European Court of Justice’s ruling that people had the right to request "inadequate, irrelevant or no longer relevant" information be removed search engine results was not greeted with enthusiasm.
Yet the information commissioner defines search engines as data controllers, and is in favour of restricting information flowing across the net. "A search engine is a big commercial operation and there must be some reasonable restrictions to the invasion of personal privacy," he said.
7) Anti-Brit prejudice poses a problem in Europe
Despite theories that the ICO will be submerged under the upcoming EU data protection regulations, Graham still feels that the UK will have an influence in Brussels. "You can’t just have a little England approach, or even a fortress Europe approach for that matter," he said.
Yet the office does feel the drawbacks of being in the leading Eurosceptic nation. "We’re effective as we can be given the political climate that we have to operate in," said director for data protection, David Smith.
8) It wants more power in parliament
Though the ICO is independent of parliament Graham feels the office "needs the guarantee of independence that comes from a more formal relationship with Parliament than is the case at present".
Smith also noted that the parliamentary appearances of the office are "out of proportion" to what used to be the case a few years ago. "It’s really true that data protection has come of age and does impact on everything," he said.