ICO to publish guidance on big data

The Information Commissioner's Office (ICO) has revealed it will soon publish data protection guidance for businesses around big data.

At an event marking the publication of its annual accounts, where the data regulator said that it dealt with a record number of cases last year, the ICO said that new technology was raising more data protection issues. For example, it recently published guidance on wearables.

"It's not just the technology itself," David Smith, deputy commissioner at the ICO, said at the event in London today.

"It's more about how the technology is applied. So big data is an issue, and there will be a big data publication shortly."

Network security company iboss said that it would be useful for this publication to contain guidance on things like advice on what physical security technology and encryption techniques companies should have in place to protect information being used for big data purposes.

"We'd like to see guidance on how to anonymise personal data and the guidance around mitigating risk," said Simon Eappariello, SVP EMIEA at iboss.

He added: "We'd like to see more guidance on what companies need to do when something happens to the big data they're storing and how they respond to that in the necessary time frames."

Record number of cases

The ICO's annual report shows that the regulator resolved 15,492 data protection complaints in 2013/14, and decided on 5,296 freedom of information (FoI) complaints, representing an 8.5 percent and 11.9 percent increase, respectively, compared with the previous year.

"The ICO has been processing record numbers of complaints," information commissioner Christopher Graham said in the report.

"But in order to be an effective partner in delivering modern and innovative services, the ICO needs stronger powers, a more sustainable funding system and a clearer guarantee of independence," he said.

Graham said that funding for the ICO from the Ministry of Justice (MoJ) has been cut every year since he became information commissioner in 2009.

He added: "We need to be able to audit any and all data controllers and public authorities for compliance with information rights laws. People who steal others' personal information need to face the prospect of a prison sentence. And private contractors undertaking public functions should be no less transparent and accountable than their public sector equivalents."

More power, greater independence

As well as making a case for more resources, Graham called for the government to make the ICO an "officer of Parliament", so that it is regarded as more than just an arms-length body. This would also give it greater power when investigating large, central government departments, he said today.

Robert Horton, director at information assurance firm NCC Group, said that the ICO might be more effective if it introduced more practical regulation, over "vague high-level benchmarks".

"Businesses need a clear set of security requirements to work towards, rather than vague high-level benchmarks. The ICO has in the past looked to introduce a privacy seal scheme, and something of this sort would be very much welcomed."

He added: "The ICO should also take a more proactive approach to incident investigation through industry partners, as the payment card industry does, to independently verify the scale of any breaches or data loss."