Gordon Brown has announced that the Information Commissioner's Office will have the power to carry out data-protection spot checks on government departments.
Brown announced the new powers during prime minister's questions on 21 November, 2007, as the government attempts to win back public confidence lost in the wake of the Revenue & Customs data failure.
Brown told MPs that he had ordered the Cabinet Secretary to undertake a review of data safety in government and would give the information commissioner the power to spot check government departments to ensure data is safe.
The government has been slow to act in this area. It has continuously turned a blind eye to pressure from the Information Commissioner's Office (ICO) to arm it with greater powers to audit and inspect organisations on data-protection issues without first having to get their consent.
Welcoming the prime minister's announcement, information commissioner Richard Thomas said it was essential that his office was properly resourced to carry out this new function.
"It is also important that the law is changed to make security breaches of this magnitude a criminal offence," said Thomas. "At the moment I can take limited enforcement action, but making this a criminal offence would serve as a strong deterrent and would send a very strong signal that it is completely unacceptable to be cavalier with people's personal information.
Read this
Leader: Trust in government tech lost on two CDs
The government has not only lost 25m confidential records — it may also have lost whatever faith the public still had in its ability to safeguard their data…
"Such a change will enable us to prosecute organisations where appropriate. The law needs to be changed urgently so that people's personal details are properly protected.
Research published by the ICO earlier this month highlighted that nine out of 10 people are concerned that organisations do not handle their personal information properly. The study also showed that people rated the protection of their personal information as the second-most important social issue, ahead of the environment and the NHS.
"The onus is now on every organisation to take privacy far more seriously," warned Thomas. "Alarm bells must ring in every boardroom. Data-protection safeguards must be technically robust and idiot proof."
Talkback
If a company was to operate in the same way the government has, they would have been hauled over the coals, hung, drawn & quartered by any number of regulatory authorities. And after that they would be handed over to the public for more of the same.
Considering that it appears the order to extract the data was given by 'higher' management there is little believe that the same level of management won't just sweep their secrets under the carpet when needed.
Is the spot check a true spot check? Or perhaps it will be one of the kind we had at school, where the whole building would be repainted in a weekend and posters and the like appeared plastered on the walls, only to come down after the inspection was over.
Trust them with my personal information for an ID card, i don't even trust them to get my tax code right.
Perhaps it is not only a question of holding our personal data securely, perhaps we should look at the wider question - "Why is it NECESSARY to continue to hold personal information after the immediate reason for it's accrual has passed?"
Perhaps we should be seeing the ICO and the Cabinet dreaming up amending legislation to require the deletion of personal data within a time frame after it is no longer actively needed.
Perhaps we should see, particularly within Government departments, a justification for every detail they hold.