ISACA applauds plan to boost Information Commissioner's Office powers

Rolling Meadows, IL, USA, June 2009 (Eskenzi PR) – ISACA (formerly the Information Systems Audit and Control Association), a not for-profit organisation that seeks to encourage best practice in the ITsecurity industry, has given the `thumbs up' to plans to significantly increase the powers of the Information Commissioner's Office (ICO) later this year.

"Last July, in his outgoing report, Information Commissioner Richard homas criticised the EU data protection directive - which underpins the UKs Data Protection Act - for effectively showing its age," said Vernon Poole, CISM, Member of ISACA’s Information Security Management Committee and Head of Business Consultancy for Sapphire.

"Reports now suggest that the UK Government will enhance the powers of the ICO, allowing it to raise penalties against data controllers, under Section 55A of the Data Protection Act," he added.

According to Vernon Poole, under Section 55A of the Act - which the Ministry of Justice has reportedly set an internal target for implementation on for later this year - the Information Commissioner will be able to impose penalties on companies that fail to protect their data, when that data is subsequently lost.

Current Government practice, he says, is to provide statutory guidance at least 12 weeks before the legislation comes into force.

The original game plan, he explained, was for the penalties to be published in March of this year, ready for Section 55A of the Act to become law this month.

These dates have now passed, he says, but if the internal target is to pass the legislation amendment before the Parliamentary summer recess, then Section 55A could become law by the late Autumn of this year.

"This is good news as, at that stage, we will coming up on the second anniversary of the infamous loss of 15,000 pension customer details on a CD-ROM mailed between HMRC's offices in Newcastle and Edinburgh," he said.

"That incident became the milestone which started off a chain of reports of data losses in the public and private sector in the UK and effectively triggered the amendments to the DPA we now know as Section 55A," he added.

For more on the DPA Section 55A plans:

For more on ISACA:

With more than 86,000 constituents in more than 160 countries, ISACA® ( is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance of IT, and IT-related risk and compliance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA® Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor™ (CISA®), Certified Information Security Manager® (CISM®) and Certified in the Governance of Enterprise IT® (CGEIT®) designations.

ISACA developed and continually updates the COBIT®, Val IT™ and Risk IT frameworks, which help IT professionals and enterprise leaders fulfill their IT governance responsibilities and deliver value to the business.