Personal information is the cornerstone of every organisation – the ‘beating heart’ if you like. It’s how you communicate with the people who use your services, how you deliver those services, how you fix things that aren’t quite right. It’s a central part of your business, and it’s important that you know how to protect it. That’s where my office comes in. The Information Commissioner’s Office (ICO) is here to help. We offer advice and guidance about what you need to do with people’s information to keep it safe.
I’m new here. I took up my role as information commissioner at the start of 2022, having spent the previous eight years in New Zealand as privacy commissioner. In my first three months, I’ve been meeting businesses, central and local government, and civil society groups from across the UK, learning more about what you’re looking for from us at the ICO.
I’ve learned that you’re concerned about the level of change that’s happened over the last few years. You spent 2017 and 2018 preparing for the arrival of GDPR. You spent 2019 adapting to the new law. And the next two years were dominated by the pandemic. 2022 was meant to be an easier year, but instead you are faced with a government promising a shake-up of UK data protection law, and a new information commissioner.
I want to reassure you that my focus is on bringing certainty in what the law requires of you and your organisations, and in how my office acts.
I don’t believe the proposed reform should be seen as radical. The UK has a deep legal and cultural commitment to privacy, which traces its roots not to the GDPR or a European Directive but to common law formulations of fundamental rights that are centuries old. The proposed reforms can offer a streamlined law that still effectively protects people’s rights. And from a public sector perspective, there is nothing in the latest reforms that look to impose additional burdens.
And of course, once parliament has decided on the appropriate regulation, we at the ICO will devote ourselves to ensuring the transition from one law to another is as seamless and painless as possible.
We’re well equipped to do that. The people I’ve spoken with this year have told me that the ICO’s guidance is well read and well respected. But there is scope to bring greater certainty to what the law is right now.
I’ve heard a few ideas so far of how we might achieve that greater certainty. How could we improve our guidance, for example?
We all face challenges in relation to administration of Freedom of Information. How do we streamline that? How do we support you to make high quality decisions on FOI requests first time around?
I’ve quickly learned that, for now, the most important thing for me to do is listen. Listen to organisations, like yourselves in the public sector, about what you need from my office. And listen to people about their thoughts on data protection and freedom of information law – what we’re doing well and what we need to do better at. That’s why one of my first acts as commissioner was to begin my listening tour.
Even though the listening tour is still ongoing, one thing has already become clear. You want to be heard. There are always ways that we can improve the service that we offer you.
I want to hear from as wide a range as people as possible, and so far I’ve seen more responses to our online survey from business than from the public sector. I’m interested in viewpoints from across the spectrum of the people we regulate and protect.
I want you to see an ICO that is agile and curious. We want to move fast and fix things. I want you to see an ICO that preserves people’s rights. And I want you to see an ICO that brings you certainty in an uncertain world.
But to do that I need your thoughts. You can respond to our listening tour survey here.
John Edwards is the new information commissioner at the Information Commissioner’s Office. He started in January, taking over from Elizabeth Denham, who left in November 2021.