Infosec 2012 The UK's Information Commissioner's Office is looking to spend around £3m on its IT, with an invitation for tenders expected at the end of next month.
Information commissioner Christopher Graham told vendors at Infosec
during his keynote speech that the ICO hoped to publish its procurement
notice in the Official Journal of the European Union, seeking a vendor
to provide his office with IT services.
Graham said the office would be spending about 20 per cent of its £15m budget on IT.
The commissioner also said that the ICO had handed out 14 civil monetary
penalties (CMPs), the office's fancy name for fines, for data
protection breaches in the 18 months since he was given the power to do
Graham was keen to prove that the ICO wasn't just a toothless watchdog,
but the fact that the majority of the penalties had gone to local
authorities and other public bodies raised questions about the office's
authority in the private sector.
However, Graham said that public bodies simply had more personal data
than businesses so their breaches were often more serious. The penalties
were only meant to be used when there had been a serious breach and if
the offenders quickly fixed the problem and put in policies to make sure
it would never happen again, they may not be fined, he said.
Data protection breaches were also taken more seriously by the ICO when
the data controller wasn't up to scratch or the business hadn't taken
steps to ensure their staff handled private information carefully.
He cited the example of one local authority where child protection papers were faxed off to the wrong place.
"[The authority] said that all the policies were in place, everybody was
trained, it was all fine, nothing to see here," he said.
"But my people said, "Certainly not, this could happen again tomorrow".
"It happened that afternoon, exactly the same stupid faxing error and that's one of the reasons why a CMP was appropriate."
The commissioner was also asked by an Infosec attendee what he thought
of the proposed web-snoop law and how that fit in with his mandate to
protect people's privacy .
"You're referring to something that's called the Communications
Capability Directive. We believe there's going to be something in the
Queen's speech, whether it's going to be a bill or a draft, I don't
know," he said.
"I would prefer to wait and see what's in the bill, but... I think if
you're going to justify this invasion of privacy, you've got to make
your case for it and you've got to mitigate any threats by showing that
you've got limitations in place... and safeguards to make sure this
honey-pot is not accessed by just anyone." ®