How the Information Commissioner’s office operates as a regulator
David Smith
Deputy Information Commissioner
The Legislative Framework
• Data Protection Act 1998
• Privacy and Electronic Communications Regs 2003
• Freedom of Information Act 2000
• Environmental Information Regs 2004
EU Directive 95/46/EC
• On the protection of individuals with regard to the processing of personal data and on the free movement of such data
• Each member state shall provide that one or more public authorities are responsible for monitoring the application within its territory of the provisions adopted
• These authorities shall act with complete independence in exercising the functions entrusted to them.
Data Protection Act 1998
• Data controllers
• Notification
• Data protection principles
• Individual rights
Data Protection Act 1998
• Exemptions
• Special purposes
• Unlawful obtaining/disclosing (“blagging”)
• Information Commissioner
The Information Commissioner
• Promotion of good practice
• Provision of information and advice
• Development of Codes of Practice
• Ruling on requests for assessment (“complaints”)
• International cooperation
• Ensuring compliance
Ensuring compliance
• Information gathering powers
• Assessment notices (“compulsory audit”)
• Consensual audits
• Specific guidance for data controllers
• Report to Parliament
• Sanctions
Sanctions
• Criminal prosecution
• Civil monetary penalties
• Enforcement notices
• Formal undertakings
• Appeal to First Tier Tribunal
The ICO in Practice
• A model of good regulation
• Regard to Regulators’ Compliance Code
• Focus on risk to data privacy
• Selective to be effective
• Maximising our impact
• Importance of independence
In summary
• Enforce
• Educate
• Empower
• Engage
• Enable
Keep in touch
Subscribe to our e-newsletter at www.ico.gov.uk
or find us on…
www.twitter.com/iconews