Search

MPs call for compulsory data security audits to be extended

DroneShield

Information-Commissioner-LogoA new report from the Information Commissioner has highlighted how councils and NHS Trusts across the UK could be forced to have compulsory audits for data security.

‘The Functions, powers and resources of the Information Commissioner’ report released by the Justice Select Committee raised concerns that a “significant number” of public sector bodies were found to have refused free audits.

The Commission has the statutory power to inspect central Government departments, but also offers free audits to rate standards of data protection for both public and private sector organisations.

The figures showed only 47% of local government organisations contacted had agreed to an audit from the Information Commissioner.

Such audits, which assess how private data is being handled and identifies potential security issues, have seen “reluctant” take-ups by both NHS Trusts and local councils.

The Justice Select Committee described the refusals of public sector organisations, which hold highly-sensitive data, as “shocking” and “even more so in cases where there are serious concerns” over the security of such data.

“We recommend that as a general rule public sector organisations should accept the offer of a free audit from the Information Commissioner, and we consider that it is,” it said.

The Information Commissioner cannot compel organisations outside central Government to accept an audit to assess how organisations handle personal data.

The Justice Select Committee has called for audits to be compulsory and extended to NHS Trusts and local councils across the UK. Any bodies who continue to decline free and consensual audits could be fined as a result.

“The case for extending compulsory audit to NHS Trusts and local councils is clear; while bodies continue to decline free and consensual audits, the only feasible recourse for the Information Commissioner is a civil monetary penalty which ultimately is at the expense of the taxpayer and council tax payer,” read the report.

“We recommend that the Secretary of State bring forward an order under section 41A of the Data Protection Act to meet the recommendation of the Information Commissioner that his power to serve Assessment Notices be extended to NHS Trusts and local councils.”

 

Recent Posts

Subscribe to our newsletter

Don't miss new updates on your email
Click here

Copyright notice This website and its content is copyright of Security Buyer – © Hand Media International LTD 2021. All rights reserved. Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following: you may print or download to a local hard disk extracts for your personal and non-commercial use only you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.

Scroll to Top