ISACA backs power increase for Information Commissioner

According to Vernon Poole, a member of ISACA's information security management committee and head of business consultancy for Sapphire, back in July 2008, as part of his outgoing report, Information Commissioner Richard Thomas criticised the EU data protection directive - which underpins the UKs Data Protection Act - for effectively showing its age.

Poole notes that reports now suggest that the Government will enhance the powers of the ICO, allowing it to raise penalties against data controllers, under Section 55A of the Data Protection Act.

Poole claims that, under Section 55A of the Act - which the Government has reportedly set an internal target for implementation on for later this year - the information commissioner will be able to impose penalties on companies that fail to protect their data, when that data is subsequently lost.

Current Government practice, he says, is to provide statutory guidance at least 12 weeks before the legislation comes into force.

The original plan, he adds, was for the penalties to be published in March of this year, ready for Section 55A of the Act to become law this month.

These dates have now passed, he says, but if the internal target is to pass the legislation amendment before the Parliamentary summer recess, then Section 55A could become law by the late Autumn of this year.

"This is good news as, at that stage, we will coming up on the second anniversary of the infamous loss of 15,000 pension customer details on a CD-ROM mailed between HMRC's offices in Newcastle and Edinburgh."

"That incident became the milestone which started off a chain of reports of data losses in the public and private sector in the UK and effectively triggered the amendments to the DPA we now know as Section 55A."

What’s Hot on Infosecurity Magazine?