ICO May Get Audit Powers; 80 Percent of ICO Fines Self-Reported
DATA PROTECTION—UK
March 27, 2013
Out-Law.com reports that the UK Ministry of Justice has opened a consultation on making public health organizations subject to compulsory data protection audits by the Information Commissioner’s Office (ICO). Currently, the ICO has powers to audit central government departments but must obtain consent from other public bodies prior to an audit. And a new Field Fisher Waterhouse (FFW) report has found that 84 percent of the fines issued by the ICO in 2012 were handed down to organizations that self-reported a breach. FFW Partner Stewart Room, CIPP/E, said, “The likelihood is that many controllers will be deterred from coming forward due to fears of fines and the absence of positive incentives.” Room added, “organizations who come forward should be treated similarly to those who undergo an audit.” Editor’s Note: Room will speak in more detail about these findings next month at the IAPP’s Data Protection Intensive in London. Download the full report here.