Companies in the UK will face spot checks on their compliance with data-protection law this year, with the Information Commissioner's Office almost certainly relying on independent contractors to carry out the checks.
Speaking at the Infosecurity Europe conference in London on Tuesday, information commissioner Richard Thomas confirmed that the spot checks will begin "later this year". Responding to comments that his office may lack the necessary technical knowledge to carry out the checks, Thomas said: "When we begin these spot checks I am 99.9 percent certain that we will engage independent contractors to carry them out."
Thomas confirmed that the Ministry of Justice "will shortly" be bringing in powers to enable his office to carry out these checks.
The government agreed to increase the powers of the information commissioner to inspect organisations holding sensitive data on members of the public in response to the
Funding is another major issue Thomas hopes to tackle — and will need to tackle, if spot checks are to have much effect. "My office is funded entirely by the £35 each data controller pays," said Thomas. "That makes a total of £10.5m. Compare that to the budget of the Health and Safety Executive, which is £875m, and clearly I do think we need an increase."
A data controller is an organisation or person with legal responsibility for the keeping and use of personal information on computer or in manual files. Examples of data controllers include companies, government departments or voluntary organisations.