… The furor created by various high-profile data security scandals [in the UK] forced politicians to concede that the regulatory environment was inadequate. The government commissioned various investigations and reports and brought into force certain changes designed to improve internal procedures, including mandatory rules on data security provisions in central government contracts.
In the midst of all of this, the enactment in May last year of a power for the ICO to impose monetary penalties for serious breaches of data protection legislation emerged as an unexpected–but very welcome–strengthening of the regulatory regime. Suddenly it seemed that the lack of clout that has traditionally hindered data protection would become a thing of the past, with the protection of personal information finally becoming a board-level issue.
However progress on the preparatory work which is required for the power to become operational has been slower than many had hoped. Work is ongoing on the part of the ICO and the U.K. Ministry of Justice to put in place the guidance which the ICO is required to issue on how it intends to exercise the power, and the regulations which will set the level of the fines available to the ICO.
Read more of the commentary by Grant Campbell, a partner and head of the technology, information and outsourcing group at law firm Brodies LLP, on ZDNet.