Christopher Graham has used his final annual report as Information Commissioner to point to a rise in complaints over data protection — and flag uncertainty over data protection law in the wake of Britain’s decision to quit the European Union.
The Information Commissioner’s Office (ICO) received over 16,300 reports of data protection concerns in 2015-16, according to the latest figures, a 15% rise on the previous year.
The ICO’s annual report also shows an increase in the number of complaints it received over the use of the Freedom of Information Act — from 4,976 to 5,181 — and in the number of incidents of data loss reported by organisations.
Info commissioner criticises FoI ‘nonsense’ by ‘Whitehall insiders’
Freedom of Information review: ministers reject charging for requests – but commission recommends tightening of rules around policy formulation
In 2015-16, the ICO received 1,954 reports of data protection breaches by organisations, a 17% increase on the previous year.
The most common reasons for a data protection incidents were theft or loss of paperwork, and personal information being posted or faxed to the wrong person. Just 8% of the incidents were due to insecure webpages and hacking.
Most complaints about FOI related to local government organisations — although the proportion of complaints about this sector had fallen from 46% of all complaints in 2014-15 to 40% in 2015-16.
The proportion of complaints about central government organisations also fell, while the proportion of complaints about the police and criminal justice sector rose from 11% of the total to 16%.
In his foreword to the report, Graham, who stepped down from the helm of the ICO this week, also referred to uncertainty over data protection regulation as a result of the UK’s vote to leave the EU. A new data protection framework takes effect across the EU from May 2018.
Graham said: “We now need to consider the impact of the referendum on UK data protection regulation. It is very much the case that the UK has a history of providing legal protection to consumers around their personal data which precedes EU legislation by more than a decade, and goes beyond current EU requirements.”
Graham also commented on the findings of the Burns Commission on Freedom of Information, which reported earlier this year. Graham said his office had provided “detailed and objective evidence” to the commission and “welcomed the conclusion of the independent review that, by and large, the legislation is working well”.
The government published transparency data this week showing that the total expenditure of that independent commission was £155,744.
Elsewhere in his report, Graham also reflected on recent machinery of government changes which saw responsibility for the Whitehall sponsorship of the ICO shift from the Ministry of Justice (MOJ) to the Department for Culture Media and Sport (DCMS), and responsibility for Freedom of Information move from the MoJ to the Cabinet Office.
He said his office was “glad” to be working alongside the same team of officials who had moved from MoJ to DCMS, and that “changes that might have been disruptive have in fact gone well”.
Graham is to be succeeded at the ICO by Elizabeth Denham, who has served as the Information and Privacy Commissioner in British Columbia, where she repeatedly called for the introduction of a legal “duty to document” which would counteract the tendency for senior officials to conduct meetings and take decisions verbally with no written record.