Information Commissioner needs more power
ICO should be given more power to help battle data security breaches, according to speakers at a Westminster eForum event in London today.
Give the Information Commissioner's Office (ICO) more power to hold companies and the public sector accountable for data security breaches, speakers at a Westminster eForum event said today.
Earlier this week, the Information Commissioner Richard Thomas called the number of companies and public organisations which have had serious security lapses "frankly horrifying." In London today, representatives from government, industry and academia called for better protection of individual's data - and more power for the ICO, the government body charged with protecting people's privacy in the digital age.
"We don't appear to be taking seriously as a society this information leakage," said Dr Simon Moores, the vice chairman of the Conservative Technology Forum.
An assistant commissioner from the ICO said the body believed it was time to take action. "When do start to do something about this instead of just having the debates?" asked Jonathan Bamford.
The speakers called for a bigger role for the ICO, with consultant Dr Ian Forbes saying the body needed "more elbows and a lot more power."
Currently, the information commissioner must ask permission from an organisation before looking into its data control and security arrangements. "The recalcitrant ones who don't want us there, there's something they don't want us to find," said Bamford.
Speakers representing industry also called for better guidance from the government. "There should be far more safeguards for industry to focus on," said David Theriault, business development manager at Ubisense.
Bamford laid out an ICO action plan to help deal with privacy and security issues surrounding private data. It included a new code of conduct for CCTV, an information sharing framework code and increasing the use of privacy impact assessments - all designed offer support and guidance to organisations.
He also highlighted the use of privacy enhancing technologies, calling for security and privacy controls to be built into databases and other technologies at the planning stage, rather than waiting until the end to bolt them on. Government IT contractors should be told to develop privacy and security controls at the specification stage, while the government should be willing to pay a premium for safer systems, Bamford said.
It's not just about securing the data or the IT, but about how people have access to information. "Things go wrong not just because of technology failures, but human failures," Bamford said. He and other speakers called for tougher sentencing and bigger financial penalties for those responsible for data breaches.
The government needs to create a culture of security, one speaker said. "Security is not a process, not a group of products, it's a state of mind," said Nigel Hopgood, the head of corporate governance at Sun Microsystems.
Philip Virgo, the secretary general of industry parliamentary group EURIM, said deciding responsibility for security breaches is easier in the private sector than the public sector. In the former, it comes down to who to sue, while in the latter, politics comes into play. But accepting responsibility for errors is key to gaining public trust - especially for highly-criticised projects such as the identity card scheme. "Trust is earned by those who accept responsibility even when things go wrong," said Virgo.
Staying ahead of the game in the world of data
Create successful marketing campaigns by understanding your customers betterDownload now
Remote working 2020: Advantages and challenges
Discover how to overcome remote working challengesDownload now
Keep your data available with snapshot technology
Synology’s solution to your data protection problemDownload now
After the lockdown - reinventing the way your business works
Your guide to ensuring business continuity, no matter the crisisDownload now