The work of the Information Commissioner: appointment of a new Commissioner - Justice Committee Contents


2  The role of the Information Commissioner

Background

5. The role of Information Commissioner was created in January 2001 following the passing of the Freedom of Information Act 2000. The Commissioner's role absorbed that of the Data Protection Registrar, which formerly undertook responsibilities arising out of the Data Protection Act 1998. In evidence to the Committee, Mr Richard Thomas, the current Information Commissioner (whose tenure spans both roles), described the additional responsibility as a "fundamental change" to the organisation.[5]

6. The Information Commissioner is a "corporation sole" with the powers, authority, duties and responsibilities of the role vested in one person and passing from one holder of that role to another.[6] The Information Commissioner's Office (ICO), which supports the Commissioner in his work, is a non-departmental public body sponsored by the Ministry of Justice (MoJ).[7] Although the Commissioner operates independently in the exercise of his statutory functions, some issues require the approval of the Secretary of State such as funding and the level of notification fees.

7. The new Information Commissioner will head an organisation employing 250 staff in Wilmslow, Northern Ireland, Scotland, Wales and London. The current Commissioner and the Ministry of Justice both predict that this number would grow. In 2008 the ICO handled over 26,000 data protection complaints, 2,600 freedom of information (FOI) complaints, 115,000 phone calls and 40,000 notifications from data controllers, in addition to 260,000 notification renewals.

8. The details of the job description and person specification as formulated for the selection process undertaken by the MoJ are annexed to this report (Annex B). The salary for the new Information Commissioner will be £140,000 a year.

Appointment and tenure

9. HM the Queen appoints the Commissioner by Letters Patent, on advice from the Prime Minister (who is, in turn, advised by the Secretary of State for Justice following a selection process undertaken by his Department—validated by the Office of the Commissioner for Public Appointments—and scrutiny by this Committee). The appointment is for a five year term. Mr Thomas, the current Information Commissioner, steps down from the role at the end of his five year term in June 2009. The Information Commissioner may only be relieved of the post by Her Majesty at the Commissioner's own request or following an Address by both Houses of Parliament.

10. This Committee has recommended in two reports that the Information Commissioner become directly responsible to, and funded by, Parliament to protect the independence of the role. This recommendation has been rejected by the Government.[8]

Current responsibilities

11. The Information Commissioner enforces and oversees the Data Protection Act 1998, the Freedom of Information Act 2000, the Environmental Information Regulations 2004[9], and the Privacy and Electronic Communications Regulations.[10] The Information Commissioner describes his main functions as: educating and influencing (promoting good practice and giving information and advice), resolving problems (resolving eligible complaints from people who think their rights have been breached) and enforcing (using legal sanctions against those who ignore or refuse to accept their obligations).[11]

DATA PROTECTION

12. The Data Protection Act 1998 allows individuals access to personal information held on them, by both public authorities and private organisations, and requires all organisations that process such data to comply with eight principles, making sure that personal information is:

13. All organisations which process such data are required to notify the Information Commissioner who enters their details on a public register. They are currently charged an annual fee of £35 which funds the Commissioner's data protection work. In the near future the flat-rate will change to a system of graduated fees relating to size of organisation, which will be designed to deliver increased funding for the regulation of data protection. Failure to notify is an offence and ignorance of the law is not a defence.

14. The data protection powers of the Information Commissioner are:

15. The Criminal Justice and Immigration Act 2008 amended the Data Protection Act to grant the Information Commissioner powers to impose substantial fines on organisations which deliberately or recklessly breached data protection rules. These provisions have not yet been brought into force.

FREEDOM OF INFORMATION

16. The Freedom of Information Act 2000 was implemented in January 2005. It gave people the general right of access to information held by over 100,000 "public authorities" in the UK. Once an application is made, the public authority has 20 working days to respond to the request or notify the individual making the request why the information required is exempt. The Act recognises that there will be valid reasons why some kinds of information may be withheld, such as if its release would prejudice national security or legitimate commercial confidentiality. Public authorities can also refuse an FOI request if the resources required to collate the information would be 'disproportionate'.

17. All public authorities, and companies wholly owned by public authorities, have obligations under the Freedom of Information Act and the Information Commissioner is responsible for guidance on set procedures for responding to requests. The Commissioner receives complaints about public authorities' conduct of their responsibilities. After investigation the Information Commissioner will make a final assessment as to whether or not the relevant public authority has complied with the Act. Enforcement action may be taken against public authorities that repeatedly fail to meet their responsibilities under the Act.

18. The Information Commissioner's freedom of information activity is funded by grant-in-aid from the Ministry of Justice. Cross-subsidy between data protection and freedom of information is not allowed.

Potential responsibilities

19. The Coroners and Justice Bill was introduced on 14 January 2009. It contains provisions creating new duties and responsibilities for the Information Commissioner in relation to data protection. Principal amongst these are:

20. In a complementary development, the Government, following a recommendation by this Committee, has announced a commensurate increase in the Information Commissioner's income stream from data controllers by moving from a flat-rate £35 per notification to a variable rate depending on size of organisation.[13]

The candidate

21. Mr Christopher Graham has been the Director-General of the Advertising Standards Authority (ASA) since 2000. The ASA is an independent body established by the advertising industry to police the rules laid down in the advertising codes of practice drawn up by the industry to protect consumers and create a level playing field for advertisers. Most of the ASA's work is in resolving complaints using the industry codes but persistent offenders can be referred to Ofcom, or the Office of Fair Trading, as appropriate. In 2007 the ASA received 24,192 complaints about 14,080 advertisements across all media; a 9 per cent. increase on 2006.

22. Previously Mr Graham was a BBC journalist, then an editor and producer in politics and news programming. He moved into BBC corporate governance in 1995, first as Deputy Secretary, and then Secretary, of the BBC Governors. Mr Graham is a non-executive director of Electoral Reform Services Ltd, a not-for-profit supplier of independent nomination, balloting and other election-related services. He is also a lay representative on the Bar Standards Board, the body that regulates barristers in England and Wales in the public interest.


5   Q 2 Back

6   Other such 'corporations sole' in the UK are: the Crown, the Auditor General for Wales, the Chief Inspector of Criminal Justice, the Official Custodian for Charities, the Police Ombudsman for Northern Ireland, the Public Services Ombudsman for Wales, and the Traffic Director for London. Back

7   For the purposes of clarity we use the term 'role' to refer to the office of Information Commissioner and the term 'office' when referring to the Information Commissioner's supporting organisation. Back

8   Cm 6937, October 2006 Back

9   Environmental Information Regulations 2004 (S.I., 2004, No. 3391); and see Directive 2003/4/EC on public access to environmental information (O.J., No. L 41, 14 February 2003, p.26) Back

10   The Privacy and Electronic Communications (EC Directive) Regulations 2003 (S.I., 2003, No. 2426) and see Directive 2002/58/EC (which the Regulations implement) which is designed to 'particularise and complement' Directive 95/46/EC itself implemented by the Data Protection Act 1998. Back

11   www.ico.gov.uk Back

12   www.ico.gov.uk Back

13   Ev 20 and see Justice Committee, Second Report of Session 2008-09, Coroners and Justice Bill, HC 185, paragraph 20 Back


 
previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2009
Prepared 9 February 2009