The Information Commissioner’s Office should be able to conduct compulsory audits of data protection in the NHS, local government and the private sector, information commissioner Sir Christopher Graham has said. Compulsory audits are currently confined to central departments.

Speaking to CSW, Graham said: “There is so much the health service and local government needs to do in terms of shared services, joined-up policy-making, joined-up service delivery – and that depends on sound data protection practice and public confidence that personal information is being properly handled. Frankly, public confidence is pretty low”.

Graham also wants the power to audit businesses. “I’m not just bashing the hard-pressed public sector; I’ve also got financial services companies in my sights,” he said. Most complaints to the ICO “are about banks and building societies. There are also worries about the way that personal information is being used by insurance companies.”

The ICO agrees with organisations in advance the areas that will be audited and whether the outcome will be published, and would retain these rules if its powers are extended. Graham is preparing its case to put to ministers.

Click here to see all news and features from Civil Service World

Written by CSW