Fair enough but the question needs to be asked why is the law not enforced by the ICO? Simple - it's unwieldy, the ICO has no control over the enforcement/legal process and central government has seen fit to limit the resources available to the regulator so they are fighting with one hand tied behind their back. I don't think anyone would disagree with the process being clarified and the introduction of fixed penalties etc but that doesn't override the fundamental problems as I see it which are the lack of resources and the lack of control available to the ICO. Using the FSA example again if I complain to them and they deem my complaint valid it costs the company £500 before the complaint is even heard. Granted a small initial penalty but from personal experience in financial services most companies will do anything to avoid the fee and the listing on the FSA complaints register. I'm not saying something similar would work for DP but going back to the 'reputation' issue it might focus some minds, particularly in the private sector. Its also worth noting that the DPA doesn't allow the ICO to pro-actively audit data controllers and their activities/practices. The ICO can only audit data controllers that invite it in unlike the FSA or HMRC who do not need to be invited. Its very easy to criticise the ICO, and I along with ex-colleagues regularly do, but the fact remains that on the issue of enforcement it isn't as easy as most people seem to believe. -----Original Message----- From: Antoinette Carter [mailto:[log in to unmask]] Sent: Mon 31 July 2006 10:55 To: [log in to unmask] Subject: Re: [data-protection] ICO Data Protection Annual Report I don't disagree with you; but the fact remains that a law that is not enforced is tantamount to no law at all. I can't see any reason why there shouldn't be a "fixed penalty" system in place for non-notification, for example. But instead the DCA would have us believe that a max. 2 year prison sentence will make a difference...... Not if they never prosecute anyone it won't. And let's face it, no judge is ever going to give a custodial sentence for a first offence under the DPA, are they. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Lee Gardiner Sent: 31 July 2006 10:26 To: [log in to unmask] Subject: Re: [data-protection] ICO Data Protection Annual Report Sadly the unwieldy nature of the enforcement process, as has already been mentioned in another thread, makes it very labour and cost intensive for the ICO to pursue a prosecution. As such unless they are fairly sure of getting the right result they often won't pursue the matter due to the costs involved. The view of many ICO staff when I was there was the ICO should be prosecuting everything and even if they lose at least the ICO is being seen to take action but the commercial realities outweighed the benefits of following this course of action. It also doesn't help that the courts are the ultimate arbiter of punishment in DP and so the final outcome is out of the ICO's hands unlike say the FSA where they are both judge and jury and can impose penalties as they see fit. Again there were rumblings at the ICO that if the ICO had similar powers to the FSA you would see more enforcement and higher fines being used more often. Just my twopenneth for a Monday morning. Lee -----Original Message----- From: Carter, Antoinette (MCS) [mailto:[log in to unmask]] Sent: Mon 31 July 2006 10:12 To: [log in to unmask] Subject: Re: [data-protection] ICO Data Protection Annual Report Interestingly this confirms my previous fears as to the level of DP prosecutions: April-June 2005: 3 July-Sept: 2 Oct-Dec: 5 Jan-March 2006: 6 A grand total of 16 (up from 12 in 04/05 the ICO proudly announces); 10 of which were for non-notification.... I wonder if they get performance related pay in the ICO....? -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Nick Landau Sent: 31 July 2006 09:48 To: [log in to unmask] Subject: [data-protection] ICO Data Protection Annual Report Excuse cross-posting http://www.informatics.nhs.uk/item/1943 drew my attention to the ICO Annual Report 2005-6. http://www.ico.gov.uk/cms/DocumentUploads/annual_report_full_version_200 6.pdf Nick Landau ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This message is for the use of the intended recipient(s) only. If you have received this message in error, please notify the sender and delete it.The British Council accepts no liability for loss or damage caused by software viruses and you are advised to carry out a virus check on any attachments contained in this message. Our purpose is to build mutually beneficial relationships between people in the UK and other countries and to increase appreciation of the UK's creative ideas and achievements. The British Council is registered in England as a charity. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses using Sophos anti-virus software. www.mimesweeper.com www.sophos.com ********************************************************************** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This message is for the use of the intended recipient(s) only. If you have received this message in error, please notify the sender and delete it.The British Council accepts no liability for loss or damage caused by software viruses and you are advised to carry out a virus check on any attachments contained in this message. Our purpose is to build mutually beneficial relationships between people in the UK and other countries and to increase appreciation of the UK's creative ideas and achievements. The British Council is registered in England as a charity. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^