Private firms doing well on data protection, but NHS and public sector not so much: ICO

Summary: The data protection regulator, which is lobbying for powers to force NHS and local-authority bodies to submit to compulsory audits, has released an overview of the 60 audits it has carried out over the past two years.

Companies in the UK are doing a great job at data protection but compliance in the NHS and local government sectors is a bit shakier, the Information Commissioner's Office has said.

The privacy watchdog released four reports on Thursday, detailing the results of 60 audits it has carried out over the last two years. Of the 16 private-sector firms audited, 11 were shown to have a 'high level of assurance' that they were handling people's data correctly and safely.

That accolade was missing for almost everyone else. A high level of assurance was found at one health-service organisation out of 15 audited, one local-government organisation out of 19, and two central government departments out of 11.

"The private sector organisations we have audited so far should be commended for their positive approach to looking after people's data," ICO 'head of good practice' Louise Byers said in a statement.

As for the NHS and central government departments that were audited, Byers said they "generally have good information governance and training practices in place [but] need to do more to keep people's data secure".

"Local government authorities also need to improve how they record where personal information is held and who has access to it," she added.

Why get audited?

Of these four groups, only one — central government departments — is forced to submit to ICO audits. The rest all apply voluntarily, leaving the ICO unable to examine them closely unless they are caught out over a serious data protection breach.

Byers warned private firms not to "rest on their laurels", and complained that "relatively few companies" agree to an audit.

A spokesman for the ICO conceded to ZDNet UK on Thursday that, if firms were "in real trouble", they would be far more likely to go to a private company for an audit than to approach the data protection regulator. However, he added that getting a clean bill of health from the ICO was a "badge of honour" that the firm could then show off.

One reason the ICO publicised its findings on Thursday was to lobby for powers to force NHS and local government bodies to submit to audits.

"Organisations in these areas will be handling sensitive information, often relating to the care of vulnerable people," Byers said. "It is important that we have the powers available to us to help these sectors improve."

About

David Meyer is a freelance technology journalist. He fell into journalism when he realised his musical career wouldn't be paying many bills. His early journalistic career was spent in general news, working behind the scenes for BBC radio and on-air as a newsreader for independent stations. David's main focus is on communications, of both...
