Podcast: Data Protection: New Enforcement Powers – Time To Get Serious – 11 November 2009

November 23, 2009

Download the podcast here

The related online CPD questions are available here.

Professor Christopher Millard, Of Counsel, Bristows

David Smith
, Deputy Commissioner, Information Commissioners Office

New Commissioner, new powers – is it time for organisations to get serious about data protection compliance?

In this meeting, Deputy Commissioner, David Smith will focus on the new powers that will shortly become available to the ICO and how these may impact its approach to enforcement.

  • What is the likelihood of custodial sentences being imposed for deliberate or reckless misuse of personal data?
  • What does the ICO consider a “serious breach” for the purposes of issuing monetary penalties? How big could the fines be?
  • What will be the ICO’s approach to enforcement, and what will be its approach to auditing organisations for non-compliance?
  • How can the ICO’s “Privacy by Design” initiative keep organisations out of trouble by investing in compliance upfront?

Speakers Details:
David Smith is the Deputy Commissioner responsible for the data protection functions of the ICO. His role is to ensure that the ICO meets its goal of ‘strengthening public confidence in data protection by taking a practical, down-to-earth approach – simplifying and making it easier for the majority of organisations who seek to handle personal information well, and tougher for the minority who do not’. As well as providing data protection leadership across the ICO, David has specific responsibility for its Data Protection Practice and Development Divisions, Regulatory Action Division, and the Scotland Office based in Edinburgh.

Prior to his appointment as Deputy Commissioner in January 2006, David undertook a wide range of responsibilities as an Assistant Commissioner. These covered the setting up of a new Regulatory Action Division, leadership of a Strategic Policy Group and management of groups responsible for ensuring compliance with the Data Protection Act across different areas of the public and private sectors. David first joined what was then the Office of the Data Protection Registrar in 1990. Previously he worked as a District Officer for the public sector trade union NALGO.