Following a statement by the then Parliamentary Under-Secretary of State for Human Rights, my hon. Friend the Member for Esher and Walton (Mr Raab) on 16 July 2015, I wish to inform the House that the triennial review of the Information Commissioner’s Office (ICO) that was announced in Parliament on Tuesday 25 November 2014, has been published today and a copy has been placed in the Libraries of both Houses.

The Government welcome the review’s positive assessment of the ICO’s contribution to the protection of personal data and the increased transparency in public life over the last 30 years. The review rightly notes the considerable strides the ICO has made in improving its performance in a number of areas against a challenging economic backdrop.

The review also recognises that the environment in which the ICO operates has changed considerably over the last decade due to the proliferation of digital information and rapid changes in technology. In turn, the ICO’s powers and functions have grown to meet this challenge. In response, the review concludes that the functions of the ICO are still required but recommends that the organisation should be restructured as a multi-member commission to encourage a greater breadth of decision-making and accountability.

The Government have considered the review’s recommendations very carefully. It agrees that the expansion in role highlighted by the review does necessitate a step change in governance and leadership at the ICO and that is why we welcomed the separate decision by the previous Information Commissioner, Christopher Graham, to widen the existing leadership cadre to allow for greater collective decision-making on regulatory matters.

However, the Government have decided that reconstituting the ICO as a multi-member commission is not the right change to make to its governance arrangements. The new Information Commissioner, Elizabeth Denham, took up post in July 2016. Her first priority is to ensure that the organisation is properly equipped to take forward the requirements of the general data protection regulation (GDPR), which will come into force in the UK in May 2018; and to provide clarity and certainty to businesses and organisations as they make preparations to implement the regulation. Alongside this is a need to prepare the organisation for any changes to data protection regulatory landscape after the UK exits the European Union.

Strong and stable leadership is crucial during a period of rapid organisational change and the Government believe that a single Information Commissioner working through an enhanced senior leadership team is the best model for achieving this. We therefore do not intend on making any statutory changes to the governance model of the ICO.

More broadly, the review recommended that the ICO improves its digital and technological capability to meet the economic and societal challenges posed by the rapidly growing digital economy. A number of improvements have been made over the last year, expanding the number of technology experts at the ICO and improving the visibility of technology in the ICO’s communications. This additional expertise has significantly strengthened the ICO’s investigation and enforcement capability in relation to cyber and other data protection breaches. The Information Commissioner is committed to publishing a refreshed technology strategy in 2017, including further investment in expertise available to the ICO and drawing on external knowledge through better research and collaboration with experts from academia and industry.

[HCWS238]