ICO information rights strategy published

Updated January 2012

The Information Commissioner's Office (ICO) has published an 'information rights strategy', which sets out how the ICO will go about achieving its goals. The strategy document provides an insight into how the ICO will exercise its enforcement powers and the sectors which are the current focus of regulatory activity.

The strategy document provides an overview of the ICO's goals, namely ensuring that:

• organisations collect and use personal data responsibly and fairly;
• public authorities are open and transparent; and
• individuals are aware of their information rights and how to protect themselves from misuse of their data.

The ICO makes it clear that it will continue with its current approach of being both educator and enforcer and will take a targeted, proportionate approach to enforcement. The ICO's strategy is to take a risk-based approach to upholding information rights, concentrating resources on areas where there is a genuine opportunity to defend or promote the information rights.

The strategy document also sets out the broad outcomes that the ICO is seeking to achieve, which include:

• raising individual awareness of information rights;
• organisations routinely meeting their legal obligations;
• a high level of awareness within organisations of legal requirements and the sanctions that will apply if they are breached;
• good information rights practices being embedded into the culture and day to day processes of organisations; and
• good practice being driven by use of the ICO's regulatory tools and guidance.

In order to achieve these outcomes using a targeted approach the ICO will focus on four of five priority sectors/activities. The priority areas have been identified by the ICO bearing in mind the level of risk inherent in a particular area, the opportunities for the ICO to further its goals and outcomes and the opportunity for the ICO to minimise risk and exploit opportunities. With this in mind, the ICO has identified the following five areas as priority areas at the time of publication of the information rights strategy:

• health;
• credit and finance;
• criminal justice;
• internet and mobile services; and
• information security.

The priority areas will be reviewed annually.

Organisations operating in the priority sectors need to be aware that they will be under particular scrutiny from the ICO during the next twelve months. In addition, with information security being identified by the ICO as a focus area, all organisations should ensure that their data security procedures and policies are robust and up to date and are being followed in practice by employees.

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at January 2012. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.

TLT LLP is a limited liability partnership registered in England & Wales number OC 308658 whose registered office is at One Redcliff Street, Bristol BS1 6TP England. A list of members (all of whom are solicitors or lawyers) can be inspected by visiting the People section of this website. TLT LLP is authorised and regulated by the Solicitors Regulation Authority under number 406297.