The ICO has released the findings of data protection audits which took place between February 2010 and July 2012. The audit reports can be found here.

The audit outcomes have been published on a sector-by-sector basis and the findings make interesting reading, particularly in relation to compliance within the public sector, including the NHS and local authorities. The findings confirm that whilst the ICO acknowledges that positive steps have been taken by the private sector to improve DPA compliance, the management of personal data within the public sector remains a cause for concern.

ICO audits are currently not compulsory for all data controllers and accordingly a large number of the organisations which have been audited consented to the process. In releasing their findings the ICO has again indicated that they consider they should have the power to compel any data controller to be audited. The head of good practice at the ICO stated: "The results of these reports show why we have requested an extension to our compulsory audit powers to cover the NHS and local government sectors. It is important that we have the powers available to us to help these sectors improve".

The audit outcomes provide helpful guidance on typical issues which the ICO considers important in terms of DPA compliance, and set out a number of practical examples for data controllers to consider and to benchmark against in terms of assessing where they stand in meeting the requirements of the DPA.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.