Evidential support for statements made by the ICO

The request was successful.

Dear Information Commissioner’s Office,

http://www.publicservice.co.uk/news_stor...

In the above news report regarding data breaches and associated fines against NHS bodies on publicservice.co.uk, a spokesperson for the ICO said that rather than detract from the services provided by NHS bodies, such fines "discourage others from making the same data protection mistakes".

Please could you provide me with the evidence which supports this statement.

Yours faithfully,

Alex Hydell (Miss)

Information Commissioner's Office

PROTECT

2nd November 2012

Case Reference Number IRQ0471275

Dear Miss Hydell

Request for Information 
 
Thank you for your correspondence dated 1 November 2012. 
 
Your request is being dealt with in accordance with the Freedom of
Information Act 2000.  We will respond promptly, and no later than 29
November 2012 which is 20 working days from the day after we received your
request.
 
Should you wish to reply to this email, please be careful not to amend the
information in the ‘subject’ field. This will ensure that the information
is added directly to your case. However, please be aware that this is an
automated process; the information will not be read by a member of our
staff until your case is allocated to a request handler.

Yours sincerely

Jolyon Stone
Lead Information Governance Officer

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Ben Jones left an annotation ()

Alex,
If you follow the link within the article that you quote, you will see the specific attributed quote is infact a little different and reads:

But responding to the comments the Information Commissioner's Office said fines, which are imposed for serious breaches of the Data Protection Act, acted as "a very important way to discourage others from making the same data protection mistakes".

Seems an entirely sensible suggestion and somthing of a given - although if you want recoded information I'd imagine the organsations themselves might hold more about whether fines discourage them from making the same mistakes as others.

Information Commissioner's Office

PROTECT

13 November 2012

Case Reference Number IRQ0471275

Dear Miss Hydell

Dear Miss Hydell,
 
I am writing further to our previous correspondence about your request,
for the evidence which supports a press statement referred to in the link
you provided. We are dealing with your request under the Freedom of
Information Act 2000 (FOIA).
 
As we understand it, the ICO press statement you refer to is understood to
have been as follows:
 
“Caldicott questioning of NHS monetary penalties
 
Issue
 
In October 2012 Christopher Fincken, chairman of the UK Council of
Caldicott Guardians, said that the civil monetary penalty that the ICO
levies on NHS bodies for data breaches “effectively come out of funding
patient care” and questions whether that is right.
 
Lines to take 

* The monetary penalties we issue are a very important way to discourage
others from making the same data protection mistakes. The best way a
public authority can protect taxpayers’ money is by not being lax in
the way it looks after personal information in the first place.

 
The Commissioner will take into account the factors set out in the
statutory guidance on a case by case basis to determine an appropriate
penalty. The sector, size, financial and other resources of the data
controller and the nature and impact of the breach will all be considered
before determining the amount of a monetary penalty.
 
The nature of a civil monetary penalty against an NHS body is that the
fine does come from taxpayers’ money, but it is important to realise that
the money stays in the public purse, and is paid into the Treasury’s
Consolidated Fund. Nothing is kept by the Information Commissioner’s
Office.”
 
Information held
 
Having checked with colleagues in the Commissioner’s Enforcement
department and the press office, in answer to your request this statement
is derived from the Commissioner’s statutory guidance on civil monetary
Penalties (CMPs), which is published on the ICO website at the following
link:
 
[1]http://www.ico.gov.uk/what_we_cover/taki...
 
You will note that the guidance contains numerous references to the use of
fines (CMPs) as a deterrent. I hope this is of help to you.
 
If you are dissatisfied with the response you have received and wish to
request a review of our decision or make a complaint about how your
request has been handled you should write to the Information Governance
Department at the address below or e-mail
[2][email address]
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation. To make such an application, please write
to the First Contact Team, at the address below or visit the ‘Complaints’
section of our website to make a Freedom of Information Act or
Environmental Information Regulations complaint online.
 
A copy of our review procedure is available [3]here.
 
Yours sincerely
 
Steven Dickinson                 Lead Information Governance Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF.
 
 
 
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

References

Visible links
1. http://www.ico.gov.uk/what_we_cover/taki...
2. mailto:[email address]
3. http://www.ico.gov.uk/about_us/~/media/d...