The Information Commissioner’s Office (ICO) is to deploy self-assessment forms later this year.
Speaking at the launch of its 2013/2014 annual report this week, deputy chief executive officer Simon Entwisle said it was “rolling out self assessment forms to help you look at your own compliance”.
He said: “People need to keep up to date with security, as it is not enough to say ‘we had some measures in place’; they need to be the right ones.”
In a statement sent to IT Security Guru, the ICO said: “We are looking to launch a web-based self-assessment tool for small and medium-sized organisations this financial year to help them assess their own compliance with the Data Protection Act.
“It is planned that this will also include hints and tips and links to relevant ICO and other external guidance. We are hoping to formally launch the concept at our SME conference in September.”
Commenting, barrister and solicitor Stewart Room told IT Security Guru that he was a big fan of initiatives like this.
He said: “To me, this is good regulation and I would like to see more initiatives that give smaller controllers useful tools to help them get on top of data protection compliance and risks.
“Of course, self assessments have their drawbacks, particularly because the results can be warped or adjusted with ‘creative’ answers, but that’s the nature of the beast. The upsides are much greater than the downsides if controllers are honest, which most are.”
Jon Baines, chair of the National Association of Data Protection Officers, agreed that this was a good thing, and said he would like to see it used along similar lines for privacy impact assessments, and to help embed good practice and raise privacy and data protection awareness within organisations.