recent work

The price of data protection

The BBC reported yesterday that MPs have warned that providing the office of the Information Commissioner could cost the tax payer more than £40m each year. Currently the Information Commissioner’s Office (ICO) is funded through the notification fees that it collects which cost either £35 or £500 depending upon the size of organisation. The proposed new Data Protection Regulation which is expected to come into force next year is expected to scrap the requirement to notify in favour of placing further obligations on data controllers. But this means that the notification fees will also be scrapped. There is a suggestion that the ICO could be funded from the fines that it imposes but this would fundamentally change the ICO’s role. Sir Alan Beith, Chairman of the cross party committee reiterated calls for harsher penalties including prison sentences for serious breaches of the data protection laws.
The ICO plays three important roles: on the one hand it is responsible for regulating data processing activities of those processing personal data; and on the other hand it is responsible for educating both data controllers and the general public to improve privacy and information security. The third role that it fulfils is in upholding the rights of individuals, a vital role in helping to manage spam and unsolicited marketing communications. So is £40m a year a fair price to pay to fund a data protection regulator/ombudsman?