I notice the UK Information Commissioner's Office has put up a response to the Ministry of Justice's call for evidence on how well current UK data protection laws are working - the consultation was only issued in July with an October closing date.
The ICO's response is, surprisingly (or perhaps not), very brief. Their points (emphasis added):
Given that the point of the consultation was to help inform the UK's position in negotiating future reforms of the EU Data Protection Directive, which have been postponed to late 2011 anyway, I expect nothing much is going to happen for a long time.
Still, it's interesting and useful to see a summary of what the UK privacy regulator considers are the most important issues with the current law.
There's one major issue they've not mentioned, which I've stressed before in the PETs context: monitoring/enforcement - perhaps because they think it's to do more with money and/or internal issues within the ICO rather than the law?
It seems to me there's a need to beef up monitoring and enforcement eg by increasing powers and by the government providing more resources to the ICO; certainly by the ICO using its teeth properly, giving those who breach data protection requirements at least a nip. Continued teeth baring really isn't good enough, there's no point barking if people think you're never going to bite. (To expand on Commissioner Reding's excellent quote "Having a watchdog with insufficient powers is like keeping your guard dog tied up in the basement"!)
Lest anyone raises the recent £2.275 million fine imposed on Zurich Insurance for data losses (reported by eg ComputerWeekly and Out-Law), that was levied by the Financial Services Authority - not the ICO.
©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.