The document will guide its activities overall, prioritising the
use of its resources which it said were not sufficient to do
everything it could in the data protection arena.
"Being a strategic regulator means that, in so far as we have a
choice, we have to be selective with our interventions," said the
strategy document. "We will therefore apply our limited resources
in ways that deliver the maximum return in terms of a sustained
reduction in data protection risk. That is the risk of harm through
improper use of personal information."
The ICO said that it would concentrate more on the avoidance of
this risk than strict enforcement of the law. "We are not seeking
compliance with the law as an end in itself," it said. "Making our
vision a reality means minimising data protection risk for
individuals and society. The law is the main tool we have at our
disposal to achieve this, but we go further and promote good
practice."
"We cannot address all areas of data protection risk equally,
nor should we attempt to do so," it said.
The ICO identified a number of areas in which it will
concentrate its attentions. These include fighting the unlawful
trade in personal information, battling the increasing surveillance
of UK residents, monitoring increasing information sharing between
organisations and undertaking data protection supervision.
"One consequence of our approach is the likelihood that we will
need to devote proportionately more of our policy work to
developments in the public sector than to developments in the
private sector," it said. "This is a recognition of where the most
serious data protection risks can arise."
The ICO said that it would try to prioritise, but that some
judgments involved a degree of subjectivity.
"We will give priority to tackling situations where there is a
real likelihood of serious harm to individuals or society," it
said. "The necessary judgements especially about seriousness are
not always easy. Loss of privacy can qualify as a harm in its own
right, but there are difficult issues of objectivity and
subjectivity. Some individuals value their privacy more than
others. Our approach will be as objective as possible."
The ICO has consistently argued for more resources and greater
powers. Information Commissioner Richard Thomas has warned that the
UK is becoming a surveillance society and has said that he needs
more staff to tackle the problems of privacy and data
protection.
Thomas submitted a proposal to Government in January of this
year asking for a new offence to be created of recklessly or
knowingly breaching data protection principles, which would be
punishable by unlimited fines.
He also asked for the power to put an immediate stop to data
processing by any organisation that he thought was "seriously
unlawful".
