This week has seen the latest round of NHS data security troubles, with five NHS Trusts in England and Wales giving formal undertakings to the Information Commissioner’s Office to make sure their handling of personal information meets the requirements of data protection legislation going forward.
Ironically, this comes just the week after it emerged that the Information Commissioner’s Office now no longer expects its power to fine for serious compliance failures to go live before the end of this year. At the current rate of progress it looks likely that it will ultimately have taken the best part of two years from the enactment of the power, for the ICO and the Ministry of Justice to do what is necessary to put it into operation.
Political attention would appear to have been diverted to the Coroners and Justice Bill (currently in the Lords) and the improvements which it will bring to the ICO’s inspection powers. This is of course another important development for the regulator, but even stronger inspection powers will not drive major cultural change, unless backed up by suitably heavyweight sanctions…
On July 17, 2009