At the recent House of Commons Public Bill Committee meeting, the UK’s Information Commissioner, Elizabeth Denham, laid out a series of measures to tighten up protection and regulation in the digital age and enable the ICO to pursue individual company directors with fines in the event of data protection regulation breaches.
The ICO considers that when it levies a fine (a total of £4 million was levied last year), the company in question all too often goes under before that fine can be paid, leaving the ICO with little more than a headline and an intent to punish. Occasionally, those same directors reappear some time later with a new company. Denham wants this to stop, and wants company directors to be personally liable for fines handed out to their companies. At the moment, the ICO can fine up to £500,000, which would have a significant impact on any one director. Under the GDPR, these fines will increase dramatically.
Denham made this headline recommendation when discussing the new Digital Economy Bill, which intends to progress the digital agenda for individuals and government. No further detail was offered on how this change of approach would be implemented and managed, but it signals a clear intent to ensure punitive measures are actually followed through.
A number of other measures are also on the table:
- Implementation of a new Electronic Communications Code to protect people from the practice of “nuisance calls”
- Enabling and controlling data sharing between private companies and public authorities
- Put the ICO’s Direct Marketing Code into statute
- Lower the threshold defining harm to an individual following a breach
- Improve transparency on the collection of personal data and inform on safeguards. Publication of Privacy Impact Assessments was mooted.
We will of course keep you posted on this and other developments with the Bill.