 
|
|
In partnership with:
|
Have respect for info-rights
There has been a sea-change. Information rights have never been taken more seriously – by politicians and the public sector, by business leaders, by the media and, crucially, by private individuals. At the ICO, we are proud of a very successful year. We have handled unprecedented caseloads. We have shown our regulatory teeth with successful prosecutions and enforcement action. Our hard hitting reports on the pernicious illegal trade in personal information are producing tangible results. We have started a national debate about surveillance issues and this has inspired two [parliamentary] select committee inquiries. Individuals’ awareness of data protection rights has risen to 82% (from 76% last year). Data protection has never been more necessary nor faced greater tests. Personal information is now used in previously unimaginable ways. In the world of cheap and almost limitless processing and storage capacity, commercial and political pressures to escalate the use of the electronic footprints we leave many times a day, become almost irresistible. The benefits of using personal information are undeniable. But so are the risks for individuals and society where use goes beyond reasonable expectations or where things go wrong. The purposeful routine and systematic recording of everyone’s movements, activities and transactions in public and private spaces – a surveillance society – is fast becoming a reality. The dangers are graver still as one system is linked to another. The risks, such as mistaken identity, inaccurate or out of date information and judgmental profiling, magnify as information is shared ever-wider. Only data protection and self-interest stand in the way. Although many of the detailed rules are too bureaucratic, the underlying principles of data protection have successfully stood the test of time. They provide a sound framework to minimise the risks and promote acceptable and beneficial handling of personal information. But legal regulation is insufficient by itself. The consequences of getting it wrong can now be seen instantly, domestically and across the globe, causing great short-term damage to political and commercial reputations and long-term damage to society. It is ministers, permanent secretaries, chairs and chief executives who must ensure their organisations guarantee safeguards and exercise the necessary self-restraint. This is simple self-interest which must come from the top. Recent security breaches, permitting the wrong people to access confidential information, provide a powerful illustration of the need to ensure that safeguards are achieved in practice. The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying. How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store card transactions fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any chief executive of a bank face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured, in non-confidential waste bags? Security breaches are just one example. Customer, employee, stock market and voter expectations are high for all aspects of data protection. My office is committed to making it easier for those organisations who seek to handle personal information well – and tougher for those who do not. My message to those at the top of organisations is to respect the privacy of individuals and the integrity of the information held about them, to embrace data protection positively and to be sure you are not the business or political leader who failed to take information rights seriously. This is an edited version of Richard Thomas’ annual report foreword. Richard Thomas is the UK’s Information Commissioner and head of the Information Commissioner’s Office (ICO), the independent public body set up to promote access to official information and protect personal information News: UK state data-sharing lacks adequate security (7 August 2007) News: ICO issues policy on data sharing (8 June 2007)
|
|
