“At the same time that data managers need to get data protection and information security solutions enabled in their business, finance directors are looking for savings,” he said. Rising expectations among customers about how their personal information will be protected are also running at odds with how easy it is for members of staff to steal data on USB sticks or laptops.
To close this gap, the ICO has successfully lobbied to be granted enhanced enforcement powers from 6th April, including fines of up to £500,000. But Graham noted that, “there are two sides to effective regulation – enforcement and education.” By looking to commercial organisations and trade bodies to uphold self-regulation and best practice, the ICO can “keep the big stick in the cupboard”.
With the publication of the “Privacy Dividend” report, the ICO is looking to help companies make the case for better data protection. The current review of the code of practice for personal information online is also taking a similar approach. “We are not zealots or anti-advertising – it pays for a lot of free stuff. It is about the carrot and the stick,” said Graham.