The functions, powers and resources of the Information Commissioner
21 March 2013
The Information Commissioner is facing a funding shortfall of £42.8 million that may have to be paid for by the taxpayer as a result of new EU data protection legislation, the Justice Committee warns.
- Report: The functions, powers and resources of the Information Commissioner (HTML)
- Report: The functions, powers and resources of the Information Commissioner (PDF)
- Justice Committee
Sir Alan Beith MP, Chair of the Committee, commented:
“Taxpayers will have to pick up the tab for the Information Commissioner’s vital data protection work when new EU rules come into force unless the Government can find a way of retaining a fee-based self-financing system.”
Expanded responsibilities
The Information Commissioner’s responsibilities look set to expand dramatically as a result of EU Data Protection laws and the possible implementation of recommendations about his role made in the Leveson Report. The removal of the notification fee payable to him by data controllers and other funding cuts could compromise his work unless Government finds a solution.
The Committee commends the Information Commissioner for handling more casework and significantly cutting the backlog of freedom of information appeals at the same time as reducing his budget. The funding for freedom of information work has been cut by 23% from £5.5 million in 2011–12 to £4.25 million in 2012–13.
In line with public spending targets his Office has also planned for a further cut of 6% in 2013–14 and the Ministry of Justice has asked the Commissioner to prepare a business case showing how the Office would be affected by a further 5% cut in that year.
Penalties
The report reiterates the Committee’s recommendation that the penalties for data protection offences must be increased to provide a more effective deterrent. The case of construction companies using an illegal blacklist - which prevented individuals from obtaining work because of their trade union links - illustrates the need for greater sanctions according to the committee. The £5,000 fine that was imposed on the company which compiled the blacklist shows that the scale of data protection offences is not matched by the penalties available to courts.
Sir Alan added:
“We do not understand why the Government has not adopted the recommendation made by us and other parliamentary committees that custodial sentences should be made available for breaches of section 55 of the Data Protection Act. This issue should not be lost in wider data protection enforcement questions arising from the Leveson Report.”
Audits
The report also raises concerns that a significant number of public sector bodies that handle sensitive private data have refused free audits from the Information Commissioner that could identify security problems in the way they are handling data. The MPs call for compulsory audits to be extended to NHS Trusts and local councils, and say that it is shocking that so many public sector organisations that handle sensitive data should refuse a free audit from the Information Commissioner.
The Committee also reiterates its view that the Information Commissioner should be granted greater independence from the executive by being made directly responsible to, and funded by, Parliament.
Sir Alan explained:
“This Committee has long held the view that the Information Commissioner’s independence from the Government needs to be enhanced.”