In the aftermath of the catalogue of high-profile data protection breaches that have hit the headlines recently, we saw a number of new initiatives announced by the Government (including the review now being conducted by Richard Thomas, with a consultation period ending next month).
I must admit that my initial reaction was a mixture of enthusiasm (at last people are taking data protection seriously!) and cynicism. It's very easy to announce a review; implementing substantive change is more challenging. After the England cricket team's dismal performances in Australia and at the World Cup, the "Schofield Review" was announced, which made a number of recommendations ... but appears to have resulted in very little happening: a few administrative tweaks and David Graveney losing his job. Will the same be true for data protection, particularly when the public's attention has shifted elsewhere?
The situation is complicated for data protection in that the law derives from a European directive ... so any changes are likely to consist mostly of tinkering around the edges. In the light of this, I thought Rosemary Jay's opinion piece on Out-law was persuasive:
"No doubt [the measures being taken] ... will result in recommendations on practice or interpretation, but no major change seems likely .... their effect is likely to be muted, and few changes in the law can be expected any time soon."
Still, the Information Commissioner's powers to investigate and take action for breach remain in the spotlight, and he has capitalised on this by setting out his proposals for change in a new document here.
Comments