At the recent House of Commons Public Bill Committee meeting, the UK’s Information Commissioner, Elizabeth Denham, laid out a series of measures to tighten up protection and regulation in the digital age and enable the ICO to pursue individual company directors with fines in the event of data protection regulation breaches.

The ICO considers that when it levies a fine (£4 million in total was levied last year), the company in question all too often goes under before that fine can be paid, leaving the ICO with little more than a headline and an intent to punish. Occasionally, those same directors reappear some time later with a new company. Denham wants this to stop, and wants company directors to be personally liable for fines handed out to their companies. At the moment, the ICO can fine up to £500,000, which would have a significant impact on any one director. Under the GDPR, these fines will increase dramatically.

Denham made this headline recommendation when discussing the new Digital Economy Bill, which intends to progress the digital agenda for individuals and government. No further detail was offered on how this change of approach would be implemented and managed, but it signals a clear intent to ensure punitive measures are actually followed through.

A number of other measures are also on the table:

- Implementing a new Electronic Communications Code to protect people from the practice of “nuisance calls”
- Enabling and controlling data sharing between private companies and public authorities
- Putting the ICO’s Direct Marketing Code into statute
- Lowering the threshold defining harm to an individual following a breach
- Improving transparency on the collection of personal data and informing on safeguards. Publication of Privacy Impact Assessments was mooted.

We will of course keep you posted on this and other developments with the Bill.