The ICO has launched its Corporate Plan for 2016-19, setting out a three year rolling plan on how we intend to achieve our objectives. Here is Information Commissioner Christopher Graham’s introduction to the plan.
The power of digital gives the consumer greater choice, but, at the same time, it also provides businesses with unprecedented amounts of personal information and detailed insights into how we live our lives. We entrust our data to commercial operations, often without even realising what we have done or the implications of having done it.
Companies are not always as good as they should be about respecting that information, which all too often is seen as a business asset of increasing value. And it’s not just commercial operators. Public authorities – government departments and agencies, local councils, the NHS – hold our personal information digitally and, increasingly, need to share it in order to deliver efficient, modern public services. But they do not always keep this data as securely as they should – or respect the limitations on its use set out in legislation. And there are fine judgements to be made about when the state should have access to personal information to combat crime or terrorism – the balance between respect for personal privacy and securing the safety and welfare of the community at large.
Similarly, digital communications give the citizen greater power to require public authorities to be more accountable. They also enable the authorities to publish more data about their operations and to be more transparent than was possible in an earlier age. Yet there remains a reluctance to publish information that may be embarrassing to organisations or individuals.
So, there is important work for the ICO to do, as the UK’s referee of the operation of both the Data Protection Act and the Freedom of Information Act and their associated regulations.
But the legislation under which we operate is not fixed and immutable. The Freedom of Information Act has been undergoing review by Lord Burns’s commission and the long-running review of the EU’s data protection framework is almost complete. After four years of deliberation we now have the outlines of a new General Data Protection Regulation, together with an associated Directive on police and justice that will require full implementation from mid-2018.
It is the proposed changes to data protection laws that will have the most profound impact and the ICO is gearing up to lead the transition to the new framework – so that citizen and consumer rights can be secured more effectively in the future.
The new data protection framework includes much that is familiar, but it also makes significant changes. If the ICO is to deliver its mission over the next three years and beyond, as well as enforcing the law as it currently stands, in the face of all the challenges technological developments present, we will also have to be fully prepared for the future regulatory environment – and help UK businesses and organisations similarly to adapt.
So, as we continue to apply the existing UK laws and discharge all our other responsibilities, the ICO will be embarking on a significant change programme. This process will be led by a dedicated change team, and will involve staff from all parts of the ICO. Our aim will be to make the transition as seamless as possible for all concerned. Our delivery objectives remain as relevant as ever and we will work hard to make sure that organisations understand both what their obligations are now and what they will be from 2018 – and that consumers and citizens are aware of their developing information rights. You will see that what the ICO needs to do to prepare for the new EU framework is a theme that runs through the entire corporate plan.
My second term as Information Commissioner ends on 28 June 2016 and, after seven exhilarating years at the ICO, I will pass the torch to my successor. No doubt a new Commissioner will have new ideas; but the plan set out over the following pages is designed to ensure that the ICO handles the change in leadership without needing to break step. The broader based, more collective, approach to leadership we put in place last autumn means that the Senior Management Team can continue to deliver an agile response to all the demands of the fast-moving environment in which the ICO finds itself – right and ready for the future, whatever challenges it holds; always able to respond quickly and flexibly to the imperatives of upholding information rights effectively.
|Christopher Graham, Information Commissioner, has a range of responsibilities under the Freedom of Information Act 2000, the Data Protection Act 1998 and related laws.|