Information Commissioner's Office
Formation | 1984 (Data Protection Registrar) |
---|---|
Legal status | Governmental office |
Headquarters | Wilmslow, Cheshire |
Region served | United Kingdom |
Information Commissioner | Elizabeth Denham (July 2016) |
Website | www |
Remarks | Appointment: July 2016 |
The Information Commissioner's Office (ICO; stylised as ico.) in the United Kingdom is a non-departmental public body which reports directly to Parliament and is sponsored by the Department for Culture, Media and Sport (DCMS). It is the independent regulatory office (national data protection authority) dealing with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK, and with the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland.
Role of the Information Commissioner
The Information Commissioner is an independent official appointed by the Crown. The Commissioner's decisions are subject to the supervision of the Courts and the Information Tribunal. The Office's mission is to "uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".[1] The role of Information Commissioner is currently held by Elizabeth Denham, who succeeded Christopher Graham in July 2016.
During his time as Information Commissioner, Christopher Graham was noted for gaining new powers to issue monetary penalties to those who breach the Data Protection Act 1998. He also welcomed new powers to issue monetary penalties under the Privacy and Electronic Communications Regulations, and raised concerns over the harm and distress caused to the public by nuisance calls.[2] Christopher Graham succeeded Richard Thomas in 2009. During Richard Thomas' tenure as Commissioner, the ICO was particularly noted for raising serious concerns over the Government's proposed British national identity card and database, as well as other similar databases such as the Citizen Information Project, Universal Child Database, and the NHS National Programme for IT, stating that the country is in danger of sleepwalking into a surveillance society,[3] and drawing attention to the misuse of such information by the former states of the Eastern bloc and Francisco Franco's Spain.
Data Protection Act 1998
The United Kingdom, as a member of the European Union, is subject to a strict regime of data protection. The Data Protection Act 1984 created the post, then named Data Protection Registrar, with whom people processing personal data had to register the fact of their processing of that data on the Register of Data Controllers. Under the provisions of EC Directive 95/46 (introduced in the UK as the Data Protection Act 1998, rather than as an SI under the European Communities Act 1972) the name of the post was changed to Data Protection Commissioner and later to Information Commissioner.
The register of data controllers is publicly available and searchable at the website of the ICO, which also gives links to the ICO's counterparts around Europe.
Enforcement
Prior to 2010 the enforcement powers were limited to issuing enforcement notices and to pursuing those alleged to have broken the Data Protection Act 1998 through the courts. In April 2010 the Information Commissioner was granted the power to issue fines, known as monetary penalties, on its own authority. The first such penalties were served on 24 November 2010.[4] From 2010, the ICO was also given the power to serve Assessment Notices, which can be issued to organisations that are unwilling to work alongside the ICO and are at risk of breaking the principles of the Data Protection Act 1998. During the Leveson Inquiry in 2012 it came to light that the ICO had felt unable to challenge the press over allegations of breaches, due to the power of the press and the perceived weakness of its own powers.[5]
Freedom of Information Act 2000
Under the Freedom of Information Act 2000 the Commissioner's role was expanded to include freedom of information and the job title was changed to Information Commissioner ('IC'). The Freedom of Information (Scotland) Act 2002 is the domain of the Scottish Information Commissioner and is aimed at public bodies administered by the Scottish Parliament (which are not covered by the UK Act).
Privacy and Electronic Communications Regulations (EC Directive) 2003 (PECR)
In November 2011 the ICO was given the powers to impose monetary penalties of up to £500,000 for breaches of the Privacy and Electronic Communications Regulations (PECR). PECR applies to organisations that wish to send marketing messages through electronic means (i.e. phone, fax, email or text), use cookies, or provide electronic communication services to the general public.
Nuisance Calls
In March 2013, commenting on a fine of £90,000 imposed on Cumbernauld fitted kitchen company DM Design for nuisance marketing calls, the Information Commissioner said that "this fine will not be an isolated penalty. We know other companies are showing a similar disregard for the law and we've every intention of taking further enforcement action against companies that continue to bombard people with unlawful marketing texts and calls." In 2014, the Government changed the law to "lower the legal threshold for consumer harm".[6] This made it easier for the ICO to "take enforcement action against more organisations breaching the Privacy and Electronic Communications Regulations (PECR)".[7] In 2015, the ICO imposed more than a million pounds' worth of penalties for nuisance calls and text messages, and in early 2016 it issued its largest fine under this regulation, to the lead generation company Prodial Ltd.
Environmental Information Regulations 2004
The Information Commissioner is also responsible for appeals made under the Environmental Information Regulations 2004.
Investigations
Sony
In 2013, the Information Commissioner's Office fined Sony Computer Entertainment Europe Ltd. £250,000, when many PlayStation systems were hacked and the names, addresses, phone numbers and card details of users were stolen. The ICO found that Sony had excessive information about its users and inadequate security systems in place.[8] This remains the largest fine issued by the ICO to a private business for a data protection breach.
Operation Motorman
In 2002, under 'Operation Motorman', the ICO under Richard Thomas raided various newspaper and private investigators' offices, looking for details of personal information kept on unregistered computer databases. The operation uncovered numerous invoices addressed to newspapers and magazines, which detailed prices for providing the journalists with personal information, with 305 journalists being identified as having been the recipients of a wide range of information.[9]
In 2006, a request under the Freedom of Information Act led to the publication of a report to the British Parliament called "What Price Privacy Now?".[10] The newspaper with the highest number of requests was the Daily Mail with 952 transactions by 58 journalists; the News of the World came fifth in the table, with 182 transactions from 19 journalists.[9] The Daily Mail immediately issued a press release, in which it rejected the accusations within the report. Editor Paul Dacre said that Associated Newspapers only used private investigators to confirm public information, such as dates of birth.[9]
In a July 2011 appearance in front of a parliamentary committee, a day after former News International CEO Rebekah Brooks had been arrested and bailed in light of the News International phone hacking scandal, Dacre told them that he had never "countenanced" phone hacking or blagging at his newspaper, as both acts were clearly "criminal".[11]
Consulting Association
On 23 February 2009, the Droitwich office of the Consulting Association (TCA) was raided by the ICO, which served an enforcement notice against TCA under the terms of the Data Protection Act. The ICO action followed a 28 June 2008 article about alleged blacklisting in the construction industry, by journalist Phil Chamberlain, published in The Guardian.[12]
List of Information Commissioners
- Elizabeth Denham (appointed 15 July 2016)[13]
- Christopher Graham (appointed 29 June 2009)[14][15]
- Richard Thomas (appointed 2 December 2002)
- Elizabeth France (appointed 1 September 1994)[16]
- Eric Howe (appointed September 1984)
Similar roles in Europe
The role of the IC is mirrored throughout the countries of the European Union and European Economic Area, which have equivalent officials created under their versions of Directive 95/46.
See also
- Information privacy
- Information commissioner
- Departments of the United Kingdom Government
- Privacy International
- The United Kingdom Office of Communications (Ofcom)
- The United Kingdom Office of Gas and Electricity Markets (Ofgem)
- The United Kingdom Water Services Regulation Authority (Ofwat)
- Telephone Preference Service
- Data Protection Commissioner (Ireland)
- Operation Motorman (ICO investigation)
References
- [1] "Information Commissioner's Office". Information Commissioner's Office. Retrieved 7 January 2010.
  "The Information Commissioner's Office is the UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals"
- [2] https://iconewsblog.wordpress.com/2014/04/03/targeting-the-worst-offenders-and-cutting-nuisance-calls/
- [3] Patrick Foster, Big Brother surveillance means no one is safe, experts warn, The Times, March 27, 2007, accessed September 16, 2007
- [4] "BBC News - First Data Protection Act fines issued by commissioner". BBC Online. BBC. 24 November 2010. Retrieved 24 November 2010.
  "The commissioner said the fines - the first he has issued - would "send a strong message" to those handling data."
- [5] "The Frontline". 1 December 2011.
- [6] "Nuisance Calls Action Plan" (PDF). Department of Culture, Media and Sport. Retrieved 8 April 2016.
  "lower the legal threshold for consumer harm"
- [7] "Nuisance Calls Action Plan" (PDF). Department of Culture, Media and Sport. Retrieved 8 April 2016.
  "take enforcement action against more organisations breaching the Privacy and Electronic Communications (EC Directive) Regulations 2003"
- [8] http://www.bbc.co.uk/news/technology-21160818
- [9] "Info Chief's broadside at Press over data crimes". Press Gazette. 15 December 2006. Retrieved 18 July 2011.
- [10] "What Price Privacy Now?". Information Commissioners Office. 15 December 2006. Retrieved 18 July 2011.
- [11] "Daily Mail editor Paul Dacre 'never approved hacking'". BBC News. 18 July 2011. Retrieved 18 July 2011.
- [12] Chamberlain, Phil (28 June 2008). "Enemy at the gates". The Guardian. Retrieved 7 September 2015.
- [13] "UK's new Information Commissioner formally appointed". 2016-07-15. Retrieved 2016-07-25.
  "Her Majesty The Queen has approved the appointment of Elizabeth Denham as the UK’s Information Commissioner."
- [14] McNally, Paul (2009-01-13). "Christopher Graham is new Information Commissioner". Press Gazette. Retrieved 2009-01-13.
  "The Ministry of Justice has selected Advertising Standards Authority director general Christopher Graham to replace Richard Thomas as Information Commissioner."
- [15] "Written Ministerial Statement - Appointment of Information Commissioner". The official site of the Prime Minister's Office. 2009-05-08. Retrieved 2009-05-19.
  "Her Majesty The Queen has approved the appointment of Mr Christopher Graham as the next Information Commissioner with effect from 29 June 2009 for a period of 5 years."
- [16] Lashmar, Paul (27 November 2000). "Elizabeth France: This woman's watching you, Big Brother". The Independent. Retrieved 9 August 2011.