It’s time for a Data Protection Offenders Register

Is the UK Office of the Information Commissioner (ICO) effective in helping ensure that our data protection legislation is respected and complied with consistently?

My view is that the ICO needs to have an additional sanction that it can apply when data protection legislation is breached. This would take the form of a Data Protection Offenders Register.

Individuals would be added to the Register if they were responsible for data protection breaches where avoidance of the breach was within their control. Such individuals would be barred, for a designated period, from working in any position or role where they had access to information covered by the UK Data Protection Act and would not be allowed to manage or supervise anyone who had access to such data.

The idea of a Data Protection Offenders Register isn’t new. published an article along these lines by Toby Stevens in 2011.