At the end of March, the UK Information Commissioner’s Office (ICO) released its corporate plan for 2014-2017 titled “Looking ahead, staying ahead” (the Plan). Information Commissioner Graham stated that the changes proposed are “about getting better results, for both consumers and for data controllers.”

As the UK’s supervisory body for upholding information rights, the ICO has a wide range of responsibilities. These include educating citizens and organisations about their rights and responsibilities under the various pieces of legislation, and also investigating complaints and taking enforcement action when things go wrong.

In the Plan, the ICO recognises that its role will evolve in light of the proposed EU General Data Protection Regulation and in relation to press regulation stemming from the Levison report. In order to be proactive in fulfilling its duties, the ICO has stated that there will be a “shift in focus, with cases brought to the ICO used to identify broader data protection problems and improve organisations’ current practices.”

The Plan details a number of specific changes and initiatives that organisations can expect to see over the next three years, including:

  • Closer work with organisations such as trade bodies and other regulators to improve compliance and develop privacy seals and trust marks
  • The introduction of an on-line, self-reporting breach tool to assist organisations in complying with the law
  • The development of new and existing codes of practice to ensure organisations have access to up-to-date advice
  • The reactive investigation of offences under the Data Protection Act 1998 and Freedom of Information Act 2000, along with initiatives for increased cooperation between the ICO and other regulators
  • The introduction of a monitoring process to check how quickly data controllers respond to subject access requests
  • A target of resolving 90% of data protection and freedom-of-information complaints within six months of being opened
  • The development of free training materials for organisations to use when training their own staff