ARTICLE
2 January 2013

ICO Releases Findings Of Audits

Clyde & Co

Contributor

Clyde & Co is a leading, sector-focused global law firm with 415 partners, 2200 legal professionals and 3800 staff in over 50 offices and associated offices on six continents. The firm specialises in the sectors that move, build and power our connected world and the insurance that underpins it, namely: transport, infrastructure, energy, trade & commodities and insurance. With a strong focus on developed and emerging markets, the firm is one of the fastest growing law firms in the world with ambitious plans for further growth.
United Kingdom Privacy

The ICO has released the findings of data protection audits which took place between February 2010 and July 2012. The audit reports can be found here.

The audit outcomes have been published on a sector-by-sector basis and the findings make interesting reading, particularly in relation to compliance within the public sector, including the NHS and local authorities. The findings confirm that, whilst the ICO acknowledges that positive steps have been taken by the private sector to improve DPA compliance, the management of personal data within the public sector remains a cause for concern.

ICO audits are currently not compulsory for all data controllers, and accordingly a large number of the organisations which have been audited consented to the process. In releasing its findings, the ICO has again indicated that it considers it should have the power to compel any data controller to be audited. The head of good practice at the ICO stated: "The results of these reports show why we have requested an extension to our compulsory audit powers to cover the NHS and local government sectors. It is important that we have the powers available to us to help these sectors improve".

The audit outcomes provide helpful guidance on typical issues which the ICO considers important in terms of DPA compliance, and set out a number of practical examples for data controllers to consider and to benchmark against in terms of assessing where they stand in meeting the requirements of the DPA.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
