Privacy watchdog consults on new powers

ICO will be able to perform compulsory audits on central government departments

The watchdog can spot check government departments

The privacy watchdog has launched a consultation on how it will use new powers due to come into effect in April.

The new auditing method will allow the Information Commissioner's Office to assess whether organisations are processing personal information in line with the Data Protection Act (DPA) and include the power to enact spot checks.

The powers were recommended in the Data Handling Review, commissioned by Gordon Brown after HM Revenue & Customs lost the child benefit details of 25 million families.

The ICO says it will take a proportionate and risk-based approach to auditing, based on intelligence that includes complaints received, business and media reports and annual statements issued by the organisation.

The body will continue to request consent for an audit to be carried out, but if an organisation refuses it can perform a spot check.

Initially this will only apply to central government departments, though the watchdog can make a case to the government for the power to be available more widely.

David Smith, deputy commissioner at the ICO, said: “We will work with organisations that want to get it right and are keen to follow best practice. However, those government departments less willing to work with us will face an Assessment Notice if there is evidence to suggest they are putting personal information at risk."

Smith said where the ICO can make a good case, it will seek to extend its powers to undertake compulsory audits in the rest of the public and private sectors.

The draft code includes information on the factors considered before issuing an Assessment Notice, the ICO’s approach to compulsory audits and the Information Commissioner’s considerations regarding further action following an audit.

The consultation closes on 24 March 2010.