This is the penultimate blog of the year. The final blog, to be published on New Year's Eve, will look forward to what may be the most significant developments of 2014.
For me, my perspective on personal data continues to change. As an independent consultant, I continue to take an evenly balanced view on the needs of the data controller and the individual. But, I’m also becoming quite aware of which sectors of the economy “get” data protection, and which sectors become ever harder to convince that this personal data malarkey (or the threat of regulatory action from the regulators in Wilmslow) actually means very much.
The focus from Wilmslow, of budgets being tightened, and more and more being required for less and less will, I fear, end up with even the ICO’s supporters querying how it can begin to achieve its statutory objectives with the income it has been granted.
Perhaps someone will devote some time next year to disentangling some of the parts of the ICO’s job description. What can be done more properly by an Information Ombudsman (Like, say, the Financial Services Ombudsman)? Ombudsmen tend to deal with specific complaints, and they don’t tend to have the time to see whether structural changes or reforms are required across industries. A newly constituted Information Commissioner could easily lose (or dispense with) his complaints and enforcement arms. This might leave the ICO with tasks that are more strategic and can be dealt with by a Commissioner with the size of staff that most British Commissioners have. [The Surveillance Commissioner, the Surveillance Camera Commissioner, the Interception of Communications Commissioner, the Forensic Services Commissioner, the Children’s Commissioner – even local Police & Crime Commissioners together don’t have the resources the ICO has]
Perhaps someone will devote some time next year to working out what training needs data protection officers require, and how these can best be delivered. Or will everyone just sit back and wait for the IAPP’s certification programmes to wash over the world? And allow the British Computer Society’s data protection ISEB exam to fade away because it’s actually pretty hard to pass?
And, perhaps, a few more companies outside the financial services sector will realise that this data protection malarkey is quite important, and that responsibility to addressing the relevant issues had better not be devolved too far down the management chain.
But none of these will feature in my 2014 predictions list. No, that list is far more fanciful.
Thanks for reading this blog during 2013 – and for your very helpful comments during the year.