23 January 2008

Tightening up the rules is one thing, getting people to play by them is quite another!

Over the last few weeks we have seen a flurry of legislative activity from government in a bid to ensure that the data handling cock-ups made by government itself do not happen again. There is no point in discussing exactly how far the horse had travelled before someone thought about locking the stable door; what has gone has gone. Yet the core goal of making sure that companies act honestly and responsibly when handling consumer data and information is still a million miles from being achieved.

A strengthening of the Information Commissioner’s powers must surely be welcomed by everybody. It is utterly absurd, and completely ineffective, to have a governing body that can only investigate a recalcitrant organisation by being invited by that same company to come and investigate them – it is simply never going to happen. So allowing the ICO to enter a company’s premises without notice has got to be a good thing. Equally, allowing the ICO to deliver meaningful fines (that is, not a £5,000 maximum) will also serve to sharpen a board’s focus when discussing issues around data security and privacy. However, for the last decade the ICO has had endless opportunity to crack its whip, inadequate as that whip is. Hundreds of companies flout the existing legislation daily by simply ignoring core principles such as “data shall be kept up to date and relevant at all times” – the 4th Principle.
