ISACA applauds new powers for Information Commissioner

"Last July, in his outgoing report, Information Commissioner Richard Homas criticised the EU data protection directive – which underpins the UK's Data Protection Act – for effectively showing its age," comments Vernon Poole, a member of ISACA's Information Security Management Committee and head of business consultancy for Sapphire. "Reports now suggest that the UK government will enhance the powers of the ICO, allowing it to raise penalties against data controllers, under Section 55A of the Data Protection Act," he adds. According to Poole, under Section 55A of the Act – for which the Ministry of Justice has reportedly set an internal target for implementation of later this year – the Information Commissioner will be able to impose penalties on companies that fail to protect their data, when that data is subsequently lost. The original game plan, he explains, was for the penalties to be published in March of this year, ready for Section 55A of the Act to become law this month. These dates have now passed, but if the internal target is to pass the legislation amendment before the parliamentary summer recess, so that Section 55A could become law by late Autumn. "This is good news as, at that stage, we will coming up on the second anniversary of the infamous loss of 15,000 pension customer details on a CD-ROM mailed between HMRC's offices in Newcastle and Edinburgh," he says.