Over the last month or so, we've seen a few reports and comments from the Information Commissioner's Office (ICO) concerning data security and use of data. Here’s a round-up of a few key stories:
1. Data audits
Christopher Graham is recommending regular data audits for local government and the NHS to reduce the need for fines relating to “stupid basic errors” like sensitive information being left on an unencrypted memory stick (which of course then gets lost or left behind…). Although Graham was addressing concerns about fines in the public sector, the principle behind conducting regular data audits is a sound one for the private sector as well, and particularly for companies that hold a lot of personal data.
An audit allows a company to take stock of what practices need urgent attention, what it is doing well and how it can continue to improve data security. It is also a useful opportunity for companies to give staff a refresher on what they should and shouldn’t be doing in relation to data security.
2. Data protection reforms
It believes that this is likely to be a key topic over the coming year and there is going to be a lot of focus on getting the reforms in place by 2014 at the latest (as the European Parliament and European Commission are due for re-appointment at that time).
By that point the process will have taken around six years in total. Given the technological advances made in that time, will the new legislation be out of date before it even gets used? Only time will tell…
3. Cookie enforcement
Unsurprisingly (if you have used the internet at all over the last few months), the ICO says that consent banners are now the most commonly used means of obtaining explicit consent and, for the first time, the ICO has actually given examples of some popular websites using these banners.