Report of the Independent Surveillance Review
•
89
People understand how their personal information is used and are able to take
steps to protect themselves from its misuse.
4.72
The ICO also has some oversight of the Data Retention Regulations 2014, in light of
a requirement to audit compliance with requirements and restrictions relating to the
‘integrity, security or destruction’ of data retained by CSPs. Since the 2006 report on
the Surveillance Society prepared for the ICO,48 the commissioner has been engaged
in dealing with some of the issues raised around safeguards for privacy and effective
regulatory oversight, not only in the context of intelligence and surveillance issues, but
also in terms of the use of data by commercial organisations.
4.73
The ICO believes that it is for Parliament to decide what an oversight regime should look
like, and sees effective oversight and redress as being absolutely essential for public
trust and confidence.49
4.74
The ICO can report serious wrongdoing to the police, and has limited powers of sanction.
In 2013–14, the ICO issued civil monetary penalties against a number of public and
private authorities for failing to keep personal data secure – including Glasgow City
Council, Nationwide Energy Services, NHS Surrey and the Ministry of Justice.
Figure 6: Reasons for Complaints to the Information Commissioner’s Office.50
2012–13
(%)
2013–14
(%)
Subject access
47
50
Disclosure
19
17
Inaccurate data
16
15
Security
6
6
Fair processing
2
2
Use of data
3
2
Right to prevent processing
2
2
Retention of data
1
1
Obtaining data
2
1
Excessive/irrelevant data
1
1
48. Surveillance Studies Network, ‘A Report on the Surveillance Society’, Summary Report,
2006.
49. Information Commissioner’s Office submission to the ISR.
50. Graham, Information Commissioner’s Annual Report and Financial Statements 2013/14, p.
14.