Increased powers to fine for the ICO

The Ministry of Justice has finally had it’s say after last year’s data loss debacle. The MOJ, the Government department with ultimate responsibility for Data Protection, has firmly backed more extensive fining powers for the Information Commissioner’s Office.

Marketers will feel the impact in relation to email opt-in statements. Clear statements will be required and jargon will be outlawed; small print will also be a thing of the past.


Sharing lists with 3rd parties

Transparency when collecting data will be vital but one suggestion that data controllers should publish a list of the third parties to whom they release email data has been mitigated.

The MOJ thinks that Data Controllers should be able to argue confidentiality and market sensitivity and this will ensure that most data owners will be able to avoid publication.


More fines, bigger fines

The proposal is that the increased fines that can be levied will be in proportion to turnover and will mirror those levied by the FSA – so possibly in the millions for serious breaches.

The ICO has recently been prosecuting law firms (of all people) who have failed to notify their processing. The fines were all under £1,000 but would be significantly more under the new regime.

Surprisingly, there won’t be a statutory requirement to notify data breaches to the ICO in the MOJ’s recommendations but companies who fail to do so when a significant loss occurs may still be punished.

All this has yet to become law, of course, and the devil will be in the detail of any new regulations which will be laid before Parliament when time allows later this year.

So perhaps 2009 is a good time to sharpen up your opt-ins and get your Privacy Policy into plain English.