ICO calls for audit enforcement power

Information Commissioner Christopher Graham says the data protection watchdog should be able to audit local authorities, businesses and the NHS without their consent.

Currently, the ICO only has compulsory audit powers over central government, with consent required for an audit to be carried out in other sectors. However, Graham argues that these sectors are sources of particular concern. The NHS accounted for 40% of data breaches since April this year, while two thirds thirds of data breach fines were issued to local government authorities.

"Something is clearly wrong when the regulator has to ask permission from the organisations causing us concern before we can audit their data protection practices," Graham said. "With more data being collected about all of us than ever before, greater audit powers are urgently needed to ensure that the people handling our data are doing a proper job."

Earlier this year, Graham revealed that businesses are turning down free data protection audits. "Audits are not about naming and shaming," Graham said at the time. "The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously."

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics