The new UK Information Commissioner, Christopher Graham, shared his vision for data protection regulation at his first conference speech in London yesterday. As the keynote speaker at the 8th Annual Privacy and Data Protection Conference, chaired by Hunton & Williams partner, Bridget Treacy, Christopher Graham positioned himself as a fair, but tough, regulator who will not be afraid to use his strengthened enforcement powers.
The Commissioner noted that his vision for the Information Commissioner’s Office (“ICO”) is that of a well-funded regulator working to assist organizations with their data protection compliance activities and deal with any perceived non-compliance as early as possible. However, he made it clear that sanctions will follow for those organizations that choose not to comply with data protection laws.
Specifically, Christopher Graham noted that the recent increase in data protection registration fees in the UK will greatly improve his office’s funding and enable him to expand its focus on compliance and enforcement. He envisions a greater number of inspections or audits of data processing activities. Further, the Commissioner’s power to impose monetary penalties is expected to come into force in April 2010, and Christopher Graham expects that 20 or so organizations are likely to be fined within the first 12 months.
Overall, there was a sense that change is afoot at the ICO.
