The Information Commissioner has reiterated his stance that compulsory data protection audits should take place for the private sector, local government and the NHS in order to improve how personal data is handled. At present, the Information Commissioner’s Office (ICO) must obtain consent from the data controller before an audit can take place unless the audit is for a central government department (in which case an audit can take place without the need for consent). Up to July 2011, only 19% of businesses contacted by the ICO had agreed to be audited.
Of particular concern in the pharmaceutical sector is that, of the 47 undertakings that the ICO has agreed with organisations that have breached the Data Protection Act since April, 40% have been in the healthcare sector.
The ICO’s press release can be found here.
