ICO calls for audit enforcement power
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Regulator wants to be able to force private companies, local authorities and the NHS to undergo data protection audits
Information Commissioner Christopher Graham says the data protection watchdog should be able to audit local authorities, businesses and the NHS without their consent.
Currently, the ICO only has compulsory audit powers over central government, with consent required for an audit to be carried out in other sectors. However, Graham argues that these sectors are sources of particular concern. The NHS accounted for 40% of data breaches since April this year, while two thirds thirds of data breach fines were issued to local government authorities.
"Something is clearly wrong when the regulator has to ask permission from the organisations causing us concern before we can audit their data protection practices," Graham said. "With more data being collected about all of us than ever before, greater audit powers are urgently needed to ensure that the people handling our data are doing a proper job."
Earlier this year, Graham revealed that businesses are turning down free data protection audits. "Audits are not about naming and shaming," Graham said at the time. "The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously."
