A potential new chief for the office of the information security watchdog has been named, following news that the current Information Commissioner, Richard Thomas, is expected to retire in June.
Thomas will be replaced by Christopher Graham, currently the director general of the Advertising Standards Authority, but only if the incomer is judged as being suited for the post by the Justice Select Committee of the House of Commons.
Graham joined the advertising regulator in 2000. He was previously secretary of the BBC.
Richard Thomas has quietly morphed the position of privacy and security tsar into a high profile role.
He has taken a hard line issuing warnings to organisations for failing to comply with security mandates, and has slapped fines on those that have been unable to tighten the processes used to collect and secure information about people.
Thomas has campaigned tirelessly for greater powers to fine and investigate those suspected of contravening the Data Protection Act. Businesses that break the terms of the 1998 Act can now be fined up to £5,000 by privacy watchdog. The ICO is now lobbying for tougher penalties, perhaps as much as 10% of the revenues of offending companies.
Under Thomas’ stewardship the ICO has successfully worked with other enforcement agencies to seek out data security malpractice.
In a landmark case in 2007, Nationwide one of Britain’s biggest building society was fined nearly £1m by the Financial Services Authority for lapses in data security.
Another change fostered by Thomas means that the ICO is now permitted to perform spot checks on public bodies without prior warning.
The ICO has just published a code of practice in order to encourage companies to be clear and fair about how they will use data.