ISACA applauds plan to boost Information Commissioner’s Office powers
June 2009 by ISACA
ISACA (formerly the Information Systems Audit and Control Association), a not for-profit organisation that seeks to encourage best practice in the ITsecurity industry, has given the `thumbs up’ to plans to significantly increase the powers of the Information Commissioner’s Office (ICO) later this year.
"Last July, in his outgoing report, Information Commissioner Richard homas criticised the EU data protection directive - which underpins the UKs Data Protection Act - for effectively showing its age," said Vernon Poole, CISM, Member of ISACA’s Information Security Management Committee and Head of Business Consultancy for Sapphire
"Reports now suggest that the UK Government will enhance the powers of the ICO, allowing it to raise penalties against data controllers, under Section 55A of the Data Protection Act," he added.
According to Vernon Poole, under Section 55A of the Act - which the Ministry of Justice has reportedly set an internal target for implementation on for later this year - the Information Commissioner will be able to impose penalties on companies that fail to protect their data, when that data is subsequently lost.
Current Government practice, he says, is to provide statutory guidance at least 12 weeks before the legislation comes into force.
The original game plan, he explained, was for the penalties to be published in March of this year, ready for Section 55A of the Act to become law this month.
These dates have now passed, he says, but if the internal target is to pass the legislation amendment before the Parliamentary summer recess, then Section 55A could become law by the late Autumn of this year.
"This is good news as, at that stage, we will coming up on the second anniversary of the infamous loss of 15,000 pension customer details on a CD-ROM mailed between HMRC’s offices in Newcastle and Edinburgh," he said.
"That incident became the milestone which started off a chain of reports of data losses in the public and private sector in the UK and effectively triggered the amendments to the DPA we now know as Section 55A," he added.
For more on the DPA Section 55A plans: