Data protection watchdog the Information Commissioner’s Office (ICO) is to be given the ability to raid government departments it suspects of wrongdoing or negligence.

Prime minister Gordon Brown today announced that the ICO would be given the power to conduct “spot checks”, in a bid to prevent data breaches on the scale of that suffered by HM Revenues & Customs in November 2007.

While the powers do not yet permit the ICO to raid business premises, information commissioner Richard Thomas said “alarm bells must ring in every boardroom”.

“For some time, I have been pressing the government to give my Office the power to audit and inspect organisations that process people’s personal information without first having to get their consent,” he said.

Thomas also called for large-scale data breaches to be made a criminal, rather than civil, offence – a move that would drastically increase the penalties for such a breach.

Currently, the ICO can only search premises if it suspects that data is being traded illegally, and obtains a warrant through the courts. Proposals for additional powers include compulsory inspections, deadlines for information to be handed over and fines for organisations that fail ‘good practice’ assessments.

“We believe that sharpening the information commissioner’s teeth will enable him to be a stronger, more effective regulator,” said justice minister Michael Wills.

Further reading

Government slammed by data breach reports The MoD and HMRC are being called to account over two high-profile incidents of data loss

Data theft is a people issue It is important to understand the legal context for guarding against data theft, says Warren Wayne of law firm Bird & Bird.

Little faith in ID safeguards Internet banking and retailing could easily be sacrificed for identity protection.

Find more stories in the Security & Continuity Briefing Room