In launching the Annual Report of the Information Commissioner’s Office, Christopher Graham – the Information Commissioner – has spoken of a year that marks the progress of data protection and Freedom of Information, in turn pointing towards the strengthening of his own regulatory powers in showing how the legislation continues to develop.
During the last 12 months, the ICO has been afforded powers to compulsorily audit NHS bodies for their data handling. Across the same time frame, forcing a potential employee to make a subject access request for, by way of example, their spent criminal record has been made an offence.
In addition, a change in the law has made it easier to issue fines for those companies proven to be behind nuisance calls and texts.
It has certainly been a busy year for the ICO. The organisation received almost 180,000 online reports about such nuisance calls and texts, representing a 12% increase on last year. Most reports were related to accident claims, green energy deals, payday loans and lifestyle surveys.
To combat this problem, the ICO has undertaken more regulatory action than ever before, issuing five Civil Monetary Penalties totalling £386,000 and eight enforcement notices ordering companies to cease illegal activity.
On top of that, the ICO has successfully prosecuted ten individuals under the Data Protection Act for unlawfully obtaining or disclosing personal data. This included the case of a company director accessing Everything Everywhere’s customer databases and using the details to target people with services offered by his own business.
Real developments in the law
Publishing the ICO’s Annual Report, Christopher Graham explained: “During the last three decades, we’ve seen real developments in the laws we regulate and particularly so over the past year. Just look at the EU Court of Justice ruling on Google search results. This is a case that could never have been envisaged when the data protection law was established.”
Graham continued: “Our role throughout has been to form the responsible regulator of these laws. More than that, we work to demystify some of this legislation, making clear that data protection isn’t to be seen as a hassle or a duck-out but rather a fundamental right.”
A good example of that is the ICO’s role within the new data protection package being developed in Brussels. “We’ve been asked for our advice based on our experience regulating the existing law,” explained Graham. “We’ve also provided a sensible commentary on proceedings for interested observers. That role will continue this year in what promises to be a crucial 12 months. The reform is overdue, but it’s vital that the detail’s absolutely right on a piece of legislation that needs to work in practice and which must last.”
Freedom of Information Act: a reflection
The Information Commissioner has also reflected on the tenth anniversary of the Freedom of Information Act, which was implemented back in January 2005.
“It’s striking to see how decisions that were so hard fought in the early years have resulted in routine publication of information,” highlighted Graham. “Publication of the safety standards for different models of cars, for example, or hygiene standards in pubs and restaurants and the surgical performance records of hospital consultants. Publication is now expected and unexceptionable.”
Continuing this theme, Graham stated: “It has been the ICO’s job to help public authorities comply with requests. The ICO’s role has led to information being released that, time and time again, has delivered real benefits for the UK. Our Annual Report is our claim to be listened to in the debates around information rights. It shows the ICO knows what it’s talking about.”
The ICO’s latest Annual Report reflects on the financial year 2014-2015. Key statistics unveiled include:
*14,268: Data protection concerns received
*£1,078,500: Total Civil Monetary Penalties issued, £386,000 of which were for companies behind nuisance calls or texts
*195,431: Helpline calls answered
*11.4%: Rise in number of concerns raised about nuisance calls and texts (to 180,188)
*41: Audits conducted of data controllers (as well as 58 advisory visits to SMEs)
*1,177: Information requests responded to by the organisation
*4.9 million: Number of visits to the ICO’s website