The Information Commissioner's Office initiative to promote safer data handling practices within organisations has been cautiously welcomed.
Mike Gillespie, managing director of Advent IM, welcomed the Personal Information Promise and described the move as ‘encouraging', though he believed that the government could be capable of setting a good example.
Gillespie said: “It is very easy for businesses to display their commitment to this type of concept and promise something very similar to their clients. My feeling is that the ICO should focus on the government setting the example in the first instance rather than approaching the end business as a solution to the ever-frequent data loss threat.
“By getting buy-in from the government, the ICO can look to then approach the blue chip companies and gradually work down to the various merchants.
“However, it does beg to question how much more an organisation is going to do voluntarily, than they should already be committing to as part of their legislative obligations. Arguably, many companies will see this Promise as a pure marketing tool.”
The Personal Information Promise is a voluntary charter that would allow businesses and government departments to ‘demonstrate their organisation's senior level commitment to data protection'. Several key commitments are listed, including a promise to ‘keep personal information to the minimum necessary and delete it when we no longer need it' and to be ‘open with individuals about how we use their information and who we give it to'.
Gillespie claimed that without the appropriate strategy in place, another large data loss is inevitable.
“It will just be interesting to see with who or where the prosecution lies, if at all. How will they be punished and how do the victims regain their data, with confidence and compensation?” said Gillespie.