Monday, 17 August 2015

The (discrete) search for the new Information Commissioner

The (discrete) search to appoint a successor to David Smith, soon-to-retire Deputy Information Commissioner and Director of Data Protection is over.

Shortly, the successful candidate will be unveiled. Don't worry, it’s not me. And a (discrete) search will commence to find a suitable replacement for Chris Graham, soon-to-be outgoing Commissioner.

How secret should this process be, and when is it appropriate to extend the selection process?

Given the transparency and manner in which people can participate in elections for leaders of political parties, perhaps the time is ripe for a larger group of people to be involved in selecting public officials who will be involved in determining information rights enforcement strategies.

After all, in the UK, we generally police by consent. So, given the resource challenges that the ICO faces, surely it is right that a significant body of people help determine the identity of the “independent” person who subsequently determines the enforcement priorities that his officials will adopt.

Otherwise, what checks are available? Can we always trust the “backroom bods?”

When even a person as eminent as the Chairman of the House of Lords Privileges and Conduct Committee can be alleged to have behaved as badly as he has, why should it be assumed that the current appointment system is perfectly fit for purpose?

But, more to the point, why should Data Protection Officers, who actually play a very significant role in ensuring that organisations comply with their data protection, be disenfranchised from a compliance process they play such an integral part in?

If I had my way, the DPOs of all registered data controllers would be able to register their interest in participating in the selection process by paying a £3 fee to the ICO – just as the Labour Party currently allows interested individuals to participate in elections for party leader.

Hopefully, it won’t be too long before it is more generally realised that the Office of the Information Commissioner is, in many respects, a political office. In determining how precisely how laws will be enforced, the Commissioner currently exercises his own judgment (supported, presumably, by the ICO Board and his Executive Committee). But he plays a political role – and this is a role for which he’s pretty unaccountable to the data controllers he’s regulating.

Future Commissioners will get one term to rule. And as they won’t need to concern themselves with the need to remain on good terms with those who would (previously) have extended their initial appointment, there is a risk that they will adopt enforcement strategies that will really rub people up the wrong way.

Accordingly, to give the incoming Commissioner a greater sense of legitimacy, the selection process really needs to be made more transparent.

The days are numbered where a meek group of regulated organisations will simply accept the whim of whomever will be selected to step into a senior office.

So an election – or even hustings from a selection of the more promising applicants - would do nicely, thank you.


Image credit:
Today’s image is that of the ballot machine used in Florida during the 2000 Presidential election – many votes were disputed because incompletely punched holes resulted in “hanging chads.”