Over the last month or so, we've seen a few reports and comments from the Information Commissioner's Office (ICO) concerning data security and use of data. Here’s a round-up of a few key stories:
1. Data audits
Christopher Graham is recommending regular data audits for local government and the NHS to reduce the need for fines relating to “stupid basic errors” like sensitive information being left on an unencrypted memory stick (which of course then gets lost or left behind…). Although Graham was addressing concerns about fines in the public sector, the principle behind conducting regular data audits is a sound one for the private sector as well, and particularly for companies that hold a lot of personal data.
An audit allows a company to take stock of what practices need urgent attention, what it is doing well and how it can continue to improve data security. It is also a useful opportunity for companies to give staff a refresher on what they should and shouldn’t be doing in relation to data security.
2. Data protection reforms
The ICO has recently published its latest thoughts on the proposed reforms to the Data Protection Directive, which you can read here.
It believes that this is likely to be a key topic over the coming year and there is going to be a lot of focus on getting the reforms in place by 2014 at the latest (as the European Parliament and European Commission are due for re-appointment at that time).
By that point the process will have taken around six years in total. Given the technological advances made in that time, will the new legislation be out of date before it even gets used? Only time will tell…
3. Cookie enforcement
In December, the ICO published its latest report on cookies and a summary of the enforcement activities it has undertaken since the new legislation came into force.
Unsurprisingly (if you have used the internet at all over the last few months), the ICO says that consent banners are now the most commonly used means of obtaining explicit consent and, for the first time, the ICO has actually given examples of some popular websites using these banners.
So far only one website the ICO has looked at has been given a deadline for compliance due to its failure to take any steps at all to request consent to use cookies. If it doesn’t comply within the specified timeframe, the ICO is threatening to name and shame (which would be the first under the new regime) – probably enough of an incentive for most to take action.