The Information Commissioner’s Office (ICO) has issued a statement on its revised approach to working alongside the public sector, after spending two years trialling the approach.
June 2022 saw the publication of an open letter in which John Edwards, UK Information Commissioner, outlined how the ICO would begin to work proactively with leaders across the public sector to ‘encourage compliance’, prevent issues from occurring and learn from anything that might have gone wrong. The basis for this, according to Edwards, would be collaboration as organisations work to address underlying issues that are continuing to result in ‘avoidable’ data breaches.
A statement this week has confirmed that the ICO will review the two-year trial, with a view to making a final decision on its approach to the public sector in the autumn of this year. Whilst this process goes on, the approach will still apply to the organisation’s regulatory activities.
The main feature of the approach was outlined in the original open letter, in which the Commissioner discussed how he was unconvinced that large fines are an effective deterrent. This stems from the fact that fines on public bodies don’t impact directors and shareholders in the same way that they would at a private company; instead, funding is diverted from budgets that ensure services can be delivered.
The full statement from the ICO read:
“In June 2022 we revised our approach to working with public sector organisations and started a two-year trial, as set out in our open letter at the time.
“While we have continued to issue fines to public bodies where appropriate, we have also been using our other regulatory tools to ensure people’s information is handled appropriately and money isn’t diverted away from where it is needed the most.
“We will now review the two-year trial before making a decision on the public sector approach to regulatory activities in relation to public sector organisations.”