On December 28, 2011, UK Information Commissioner Christopher Graham outlined the ICO’s agenda for 2012 in a post on the ICO blog, highlighting the European Commission’s proposals for reviewing the EU data protection framework, the post-legislative scrutiny process with respect to the UK Freedom of Information Act (“FOIA”) and the ICO’s Information Rights Strategy. The Commissioner cautioned against allowing data protection compliance to fall by the wayside in the current, tough economic climate, especially given the inevitable reputational damage caused by big data breaches and the ICO’s power to impose fines.
Regarding FOIA, Christopher Graham warned of a widening gap between “the rhetoric of openness” and “the day-to-day reality of reluctance and foot-dragging.” Despite FOIA taking effect seven years ago, some public authorities still regard it as a “distraction.” The Commissioner argued that information rights can deliver “huge benefits in terms of better government, better services, and the protection of freedoms,” but conceded that post-legislative scrutiny may be beneficial in some respects.
On enforcement, in both the blog post and the Information Rights Strategy document, the Commissioner affirmed the ICO’s current prioritization of action in health, credit and finance, criminal justice, Internet and mobile services, and information security. The Commissioner made clear his desire to operate transparently and, by explicitly stating his priorities, indicated that we can expect to see increased enforcement action in these fields in 2012.
Within the sphere of credit and finance, the Commissioner is widely considered to be focusing particular attention on the insurance industry. Similarly, in 2010, the Irish DPA published a special investigation into the use of a shared database within the Irish insurance industry. Scrutiny of the UK insurance industry is expected to follow in 2012, and it is believed that the ICO has requested an increased number of voluntary audits of insurance industry participants. The ICO’s current emphasis on using voluntary audits as an enforcement tool is expected to continue more generally across all industry sectors in 2012.