Proactive data compliance, harm prevention and the use of reprimands all feature in the assessment.
John Edwards, UK Information Commissioner, published his analysis yesterday, Monday 9th December, setting out the rationale for the past two years of public sector data and technology policy.
‘I introduced a two-year trial of an approach where we would work proactively with senior leaders across the public sector to encourage data protection compliance, prevent harms before they occur and learn lessons when things have gone wrong. I wanted my office to be part of the conversations early on, instead of being on the outside looking in,’ said Edwards.
The trial period has seen incidents that resulted in reprimands being made public. At the last count, around 60 of these reprimands had been issued to public bodies for failing to meet requirements or breaching regulations. The incidents range from inappropriate disclosure of personal information relating to minors to NHS trusts sending bulk emails containing sensitive information.
According to the review, the use of reprimands has been successful, catalysing visible and tangible changes to processes and safeguards. ‘Public authorities saw the publication… as effective deterrents, mainly due to reputational damage and potential impact on public trust.’ This approach was also lauded for attracting the attention of senior government leaders. Central government has also recognised the benefit of these measures.
‘While reprimands had an impact, we also used our other regulatory tools when needed, such as issuing an enforcement notice to the Home Office and fining the Ministry of Defence and Police Service of Northern Ireland for breaking data protection law,’ Edwards continued.
‘If the public sector approach had not been applied, the fines could have reached £23.2m, instead of £1.2m,’ he added. ‘The review showed that central government and wider public sector echoed the sentiment around the impact of fines on frontline services, and how it disproportionately affects the budget of smaller organisations and devolved administrations.’
In addition to recognising what has worked, the review also highlights shortcomings. A lack of clarity around which organisations fall within the scope of the public sector approach, and the type of infringements that could lead to a fine, were found to be particular causes for concern.
‘Reflecting on the past two years and based on the evidence from the review, I have decided to continue with the public sector approach. But I also have listened to the feedback and will provide greater clarity on its parameters,’ said Edwards.
‘That’s why I’m launching a consultation on the scope of the approach and the factors and circumstances that would make it appropriate to issue a fine to a public authority. You can read more about it and respond to our consultation on our website by 31 January 2025. We will use the input received to inform and finalise our approach,’ he added.