Information Commissioner Elizabeth Denham has said her office is continuing to adjust its approach to data protection regulation for the public sector in responding to the Covid-19 pandemic.
The Information Commissioner’s Office (ICO) has also updated its regulatory approach document as a step towards returning to its approach before the pandemic, but with caveats and exceptions that reflect the current pressures.
Denham says that, while the ICO will take action against organisations clearly breaking data protection laws, it is also offering support for those that are looking to innovate and do things differently while staying within the rules. This has included working with public authorities and supermarkets that want to share information to support people who have been shielding through the pandemic.
“Measuring the success of regulation by how many organisations are penalised ignores the commitment and dedication I see every day from organisations that work hard to use personal information responsibly to achieve their goals,” she says.
“I know many of you are focused on economic recovery plans now, and as your organisations recover, my regulatory approach will adjust to take account of increasing operational resilience.”
Risks and flexibility
Features of the regulatory approach document include a recognition that public bodies have to react quickly to new risks, and a statement that the ICO will be flexible in its approach, taking into account the burden its actions could possible impose. Also, in deciding whether to take action against apparent non-compliance, it will consider whether this results from the pandemic.
But it also makes clear that, as the pressure from the pandemic has eased, it expects public authorities to move some resources back into dealing with information rights complaints.
Other plans include the publication of guidance on data sharing and accountability, to follow that on the use of artificial intelligence and the publication of a self-assessment freedom of information toolkit.