Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

New Enforcement Guidance from the UK’s Information Commissioner’s Office

Posted in Data Compliance & Security, European Union, Mobile Privacy, Privacy Regulation

(LONDON) Who is on the ICO’s radar these days?  August seems to be the month for getting new guidance documents out the door at the United Kingdom’s Information Commissioner’s Office.  The UK ICO has just published guidance as to when it is likely to take regulatory action.

The new guidance should be reassuring to companies that are making good faith efforts to comply with the UK’s data protection laws.  Companies that haven’t yet engaged fully with the data protection laws, on the other hand, would be well advised to review the regulatory action guidance, which (along with the ICO’s other guidance documents) puts the law into practical context.

The ICO’s guidance states that regulatory action is likely to be triggered by:

  1. Issues of public concern (including those in the media).
  2. The novel or intrusive nature of specific data processing activities.
  3. Complaints made by the public to the ICO.
  4. Issues that emerge from the ICO’s other activities (such as audits).

Interestingly, the ICO has said that it is less likely to take action where market forces are likely to put pressure on data processors to comply with the data protection laws.  This pro-market approach distinguishes the ICO from other EU data protection regulators, who typically take a more skeptical view of the effectiveness of the free market to incentivize companies to protect personal data.

By way of contrast, the ICO notes that the public sector may require more regulatory action since public sector data protection practices are less transparent, individuals have less choice as to their relationship with public sector data collection and processing, and the nature of the data being processed is frequently more sensitive (such as health data).

The ICO’s current priority areas are:

  • Health
  • Criminal justice
  • Local government
  • Online and mobile services

Three out of the four current priority areas are largely served by the public sector, but the for-profit sector should also stay alert:  The ICO’s enforcement notices page lists Glasgow City Council right next to Google.