Skip to main content

Data Protection

Volume 487: debated on Wednesday 28 January 2009

To ask the Secretary of State for Justice if he will bring forward proposals to give powers to the Information Commissioner to audit data controlled in the (a) private and (b) voluntary sectors. (251185)

The Information Commissioner already has powers to check and enforce the compliance of data controllers in the private and voluntary sectors with the Data Protection Act 1998 (DPA).

The Information Commissioner may issue an Information Notice under the DPA on any data controller to assess compliance with the data protection principles. If the Information Commissioner is satisfied that a data controller is contravening the data protection principles, he may issue an Enforcement Notice requiring the data controller to take action to ensure compliance. Failure to comply with either of these Notices is a criminal offence. Schedule 9 of the DPA also allows the Information Commissioner to apply for a warrant to enter and inspect the premises of any data controller he reasonably suspects to be in contravention of the data protection principles or committing an offence under the DPA.

The Information Commissioner may also currently undertake a Good Practice Assessment under s51 (7) of the DPA to assess the data processing procedures of any data controller, providing he has obtained their consent.