This post was written by Nick Tyler.
The Information Commissioner’s Office (ICO), the UK’s data protection and freedom of information regulator, has launched a high level “Information Rights Strategy”.
In it, the ICO identifies the following priority areas: Internet and mobile services; health; credit and finance; criminal justice; and information security.
The ICO will focus on outcomes in the above areas that reduce risks to information rights (both data protection and freedom of information). The outcomes are aimed at raising the awareness and understanding of information rights and risks. The ICO seeks to raise awareness among individuals as well as those organisations responsible for meeting obligations under information rights law.
The ICO’s strategy applies internationally and recognises the pervasive risks arising from “global data flows and universal deployment of new technologies”. The ICO seeks to work with and influence fellow regulators at EU and global level in an effort to achieve a consistent and harmonised approach.
The ultimate objective of “good information rights practice” will depend in part on the ICO’s use of its enforcement powers. In identifying the five priority areas, the ICO clearly signals which industry sectors and compliance issues will receive “particular regulatory attention”.
While the area of information security will continue to be a priority compliance risk for all, organisations in the telecommunications/new media, health sector and financial services will fall under the regulator’s microscope.
In a stark warning to any who may be complacent about compliance, the ICO states: “We will actively seek out situations where organisations significantly fail to live up to their information rights responsibilities and use the full range of our powers to address these”.