MPs call for compulsory data security audits to be extended

A new report from the Information Commissioner has highlighted how councils and NHS Trusts across the UK could be forced to have compulsory audits for data security.

‘The Functions, powers and resources of the Information Commissioner’ report released by the Justice Select Committee raised concerns that a “significant number” of public sector bodies were found to have refused free audits.

The Commission has the statutory power to inspect central Government departments, but also offers free audits to rate standards of data protection for both public and private sector organisations.

The figures showed only 47% of local government organisations contacted had agreed to an audit from the Information Commissioner.

Such audits, which assess how private data is being handled and identify potential security issues, have seen “reluctant” take-up by both NHS Trusts and local councils.

The Justice Select Committee described the refusals of public sector organisations, which hold highly-sensitive data, as “shocking” and “even more so in cases where there are serious concerns” over the security of such data.

“We recommend that as a general rule public sector organisations should accept the offer of a free audit from the Information Commissioner, and we consider that it is,” it said.

The Information Commissioner cannot compel organisations outside central Government to accept an audit to assess how organisations handle personal data.

The Justice Select Committee has called for audits to be compulsory and extended to NHS Trusts and local councils across the UK. Any bodies who continue to decline free and consensual audits could be fined as a result.

“The case for extending compulsory audit to NHS Trusts and local councils is clear; while bodies continue to decline free and consensual audits, the only feasible recourse for the Information Commissioner is a civil monetary penalty which ultimately is at the expense of the taxpayer and council tax payer,” read the report.

“We recommend that the Secretary of State bring forward an order under section 41A of the Data Protection Act to meet the recommendation of the Information Commissioner that his power to serve Assessment Notices be extended to NHS Trusts and local councils.”

 
