Outgoing ICO head, Christopher Graham, calls for government to publish data protection review
Funding, the GDPR and other issues need to be thrashed out, argues Graham
Christopher Graham, the outgoing Information Commissioner, has called on the government to publish the review into the Information Commissioner's Office, which was completed before the election last year, but which still hasn't seen the light of day.
Graham described it as "the thing that never happened". The review was intended to examine the ICO's form and function as the UK's data regulator, which may be up in the air following the UK vote to leave the European Union, with its exit due to coincide with the implementation of the EU's General Data Protection Regulation (GDPR).
Graham stepped down yesterday, after a tenure of seven years, and spoke of a report that was due before last May's general election but has yet to be published.
"The general election [came] along and [the report] hadn't been finished. Then it was machinery of government changes, so nothing was going to happen. After the machinery of government changes it was the referendum," said Graham, explaining the reasons for the delay.
Graham said that the ICO wants to see the report published "because we know it said some very complimentary things about the way the ICO was operating".
He added: "I'm sure the ministers will decide what they want to do about it, as it was a government not an ICO project. But we put a lot of effort into responding to all the questions and challenges in the review and I would really like to see it out."
Graham also mentioned a sum of £18m that had been suggested for new funding arrangements for the ICO, and that options with the Department for Culture, Media and Sport were being addressed to consider the future of ICO funding.
The possibility of extra staff for the ICO, targeted specifically at dealing with hacking and website security vulnerabilities, is one area of exploration that would be undertaken under increased funding.
The ICO recently called on the government to reform the UK's data protection laws, which it said will have to be equivalent to the GDPR framework, regardless of the Brexit vote.