Philip James is right (“Licensed to Process?”, September 2009) that if a data breach occurs at a client’s Data Processor, it is the client as the Data Controller who may be directly fined or face criminal sanction. Making Data Processors more responsible for their actions is certainly a good idea “. The idea of moving the onus away from Data Controllers is more controversial”.
DQM Group undertakes audits of Data Processors for most leading media owners and clients – we have completed over 150 audits over the
last 18 months alone. Leading data bureaux are already putting in place systems and processes that will give full comfort to clients.
However, I’m sure some form of licensing system or accreditation programme, managed by the ICO in consultation with trade bodies such as the DMA, would add real value to all concerned.
Adrian Gregory, Chief executive, DQM Group and chairman, IDM Data Council and DMA Data Governance Working Party