JISCMail - DATA-PROTECTION Archives

Fair enough but the question needs to be asked why is the law not enforced
by the ICO?

Simple - it's unwieldy, the ICO has no control over the enforcement/legal
process and central government has seen fit to limit the resources available
to the regulator so they are fighting with one hand tied behind their back.

I don't think anyone would disagree with the process being clarified and the
introduction of fixed penalties etc but that doesn't override the
fundamental problems as I see it which are the lack of resources and the
lack of control available to the ICO.

Using the FSA example again if I complain to them and they deem my complaint
valid it costs the company £500 before the complaint is even heard. Granted
a small initial penalty but from personal experience in financial services
most companies will do anything to avoid the fee and the listing on the FSA
complaints register. I'm not saying something similar would work for DP but
going back to the 'reputation' issue it might focus some minds, particularly
in the private sector.

Its also worth noting that the DPA doesn't allow the ICO to pro-actively
audit data controllers and their activities/practices. The ICO can only
audit data controllers that invite it in unlike the FSA or HMRC who do not
need to be invited.

Its very easy to criticise the ICO, and I along with ex-colleagues regularly
do, but the fact remains that on the issue of enforcement it isn't as easy
as most people seem to believe. 

-----Original Message-----
From: Antoinette Carter [mailto:[log in to unmask]] 
Sent: Mon 31 July 2006 10:55
To: [log in to unmask]
Subject: Re: [data-protection] ICO Data Protection Annual Report

I don't disagree with you; but the fact remains that a law that is not
enforced is tantamount to no law at all.  I can't see any reason why there
shouldn't be a "fixed penalty" system in place for non-notification, for
example.  But instead the DCA would have us believe that a max. 2 year
prison sentence will make a difference......
Not if they never prosecute anyone it won't.  And let's face it, no judge is
ever going to give a custodial sentence for a first offence under the DPA,
are they.

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Lee Gardiner
Sent: 31 July 2006 10:26
To: [log in to unmask]
Subject: Re: [data-protection] ICO Data Protection Annual Report

Sadly the unwieldy nature of the enforcement process, as has already been
mentioned in another thread, makes it very labour and cost intensive for the
ICO to pursue a prosecution.

As such unless they are fairly sure of getting the right result they often
won't pursue the matter due to the costs involved.

The view of many ICO staff when I was there was the ICO should be
prosecuting everything and even if they lose at least the ICO is being seen
to take action but the commercial realities outweighed the benefits of
following this course of action.

It also doesn't help that the courts are the ultimate arbiter of punishment
in DP and so the final outcome is out of the ICO's hands unlike say the FSA
where they are both judge and jury and can impose penalties as they see fit.

Again there were rumblings at the ICO that if the ICO had similar powers to
the FSA you would see more enforcement and higher fines being used more
often.

Just my twopenneth for a Monday morning.

Lee
-----Original Message-----
From: Carter, Antoinette (MCS)
[mailto:[log in to unmask]]

Sent: Mon 31 July 2006 10:12
To: [log in to unmask]
Subject: Re: [data-protection] ICO Data Protection Annual Report

Interestingly this confirms my previous fears as to the level of DP
prosecutions:
April-June 2005: 3
July-Sept:       2
Oct-Dec:         5
Jan-March 2006:  6

A grand total of 16 (up from 12 in 04/05 the ICO proudly announces); 10 of
which were for non-notification....

I wonder if they get performance related pay in the ICO....?

-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Nick Landau
Sent: 31 July 2006 09:48
To: [log in to unmask]
Subject: [data-protection] ICO Data Protection Annual Report

Excuse cross-posting

http://www.informatics.nhs.uk/item/1943 drew my attention to the ICO Annual
Report 2005-6.

http://www.ico.gov.uk/cms/DocumentUploads/annual_report_full_version_200
6.pdf

Nick Landau 

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This message is for the use of the intended recipient(s) only. 

If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage caused
by software viruses and you are advised to carry out a virus check on any
attachments contained in this message. Our purpose is to build mutually
beneficial relationships between people in the UK and other countries and to
increase appreciation of the UK's creative ideas and achievements. The
British Council is registered in England as a charity.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


**********************************************************************
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses using Sophos anti-virus
software.

www.mimesweeper.com
www.sophos.com
**********************************************************************

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This message is for the use of the intended recipient(s) only. 

If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage caused
by software viruses and you are advised to carry out a virus check on any
attachments contained in this message. Our purpose is to build mutually
beneficial relationships between people in the UK and other countries and to
increase appreciation of the UK's creative ideas and achievements. The
British Council is registered in England as a charity.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
              [log in to unmask]
  (all commands go to [log in to unmask] not the list please)
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^