Information Commissioner needs more power

ICO should be given more power to help battle data security breaches, according to speakers at a Westminster eForum event in London today.

Give the Information Commissioner's Office (ICO) more power to hold companies and the public sector accountable for data security breaches, speakers at a Westminster eForum event said today.

Earlier this week, the Information Commissioner Richard Thomas called the number of companies and public organisations which have had serious security lapses "frankly horrifying." In London today, representatives from government, industry and academia called for better protection of individual's data - and more power for the ICO, the government body charged with protecting people's privacy in the digital age.

"We don't appear to be taking seriously as a society this information leakage," said Dr Simon Moores, the vice chairman of the Conservative Technology Forum.

An assistant commissioner from the ICO said the body believed it was time to take action. "When do start to do something about this instead of just having the debates?" asked Jonathan Bamford.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The speakers called for a bigger role for the ICO, with consultant Dr Ian Forbes saying the body needed "more elbows and a lot more power."

Currently, the information commissioner must ask permission from an organisation before looking into its data control and security arrangements. "The recalcitrant ones who don't want us there, there's something they don't want us to find," said Bamford.

Speakers representing industry also called for better guidance from the government. "There should be far more safeguards for industry to focus on," said David Theriault, business development manager at Ubisense.

Bamford laid out an ICO action plan to help deal with privacy and security issues surrounding private data. It included a new code of conduct for CCTV, an information sharing framework code and increasing the use of privacy impact assessments - all designed offer support and guidance to organisations.

He also highlighted the use of privacy enhancing technologies, calling for security and privacy controls to be built into databases and other technologies at the planning stage, rather than waiting until the end to bolt them on. Government IT contractors should be told to develop privacy and security controls at the specification stage, while the government should be willing to pay a premium for safer systems, Bamford said.

It's not just about securing the data or the IT, but about how people have access to information. "Things go wrong not just because of technology failures, but human failures," Bamford said. He and other speakers called for tougher sentencing and bigger financial penalties for those responsible for data breaches.

Advertisement - Article continues below

The government needs to create a culture of security, one speaker said. "Security is not a process, not a group of products, it's a state of mind," said Nigel Hopgood, the head of corporate governance at Sun Microsystems.

Philip Virgo, the secretary general of industry parliamentary group EURIM, said deciding responsibility for security breaches is easier in the private sector than the public sector. In the former, it comes down to who to sue, while in the latter, politics comes into play. But accepting responsibility for errors is key to gaining public trust - especially for highly-criticised projects such as the identity card scheme. "Trust is earned by those who accept responsibility even when things go wrong," said Virgo.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020