Data watchdog must prepare to be hounded
The new powers awarded to the Information Commissioner recently have been well trailed by the government for more than a year. Indeed, they were trotted out as a response every time the government suffered another data loss, as if a more powerful commissioner would be some sort of panacea. It won’t.
I am often asked why I think government data losses not exactly scintillating stories have become the stuff of headlines.
The answer is threefold.
First, HM Revenue & Customs (HMRC). The loss of 25 million child benefit records was a huge blow for the government and undermined Gordon Brown’s carefully crafted image as a safe pair of hands. If the hands are not safe, and their owner was presiding over an increasingly authoritarian government, this was a worrying chain of events.
The media love a narrative in the vein of “recent event illustrates larger problem” and here they have a story that will run and run.
Second, ID cards. However much the government tries to bill this initiative as a new type of passport, the public remain unconvinced.
The ID card scheme is stuck between a rock and a hard place. ID cards play into the left-wing media’s concerns over the erosion of civil liberties and the right-wing media’s concerns over a growing nanny state. The success of the Conservatives in linking every data loss story to the theoretical vulnerability of the National Identity Register has added grist to the mill.
Which brings us to the third reason: David Davis. By making opposition to the growing “database state” a tenet of his by-election campaign the former shadow home secretary helped keep data loss in the headlines.
One result of all this media attention is the profile of the Information Commissioner. Current incumbent Richard Thomas found himself thrust into the limelight and after years of calling for stronger powers he now has them.
Opinions are mixed on Thomas’s reign. He comes from a legal background in a field that is becoming increasingly dominated by technology. Recently his office has suffered a huge backlog of cases as well as staffing problems, with many of the commission’s lawyers leaving.
But nobody could claim that data protection has not risen up the news agenda under Thomas’s stewardship.
However, his yet-to-be-appointed successor, due to take over in June 2009, will have a different job to the one Thomas inherited. The job will be more politicised, it will become the object of more media focus, and the new commissioner will be expected to keep government use of personal information in check.
Whoever is appointed must be up to speed with technology many think somebody from an IT background would be suitable.
But just how much will the Information Commissioner’s powers help solve the government data loss problem?
Changing the culture of government will be no mean feat, especially at a time when technology is enabling more information sharing. Even though the fines that can be levied have increased, they are still a token gesture. What really matters is the adverse publicity of a data breach.
The national media is far more attuned to incidents of data loss than ever before, so the Information Commissioner can make an enormous splash through a carefully timed press release. And that means political paymasters will be keeping a gimlet-eyed lookout on the commissioner’s activities.
Instead of struggling to raise the profile of data protection, as Richard Thomas had to do, it seems more likely that the next commissioner will face more of a challenge keeping some distance from politicians from all sides.
By Tom Young