The health sector tops the list of areas targeted for enforcement by the Information Commissioner’s Office. This is in the ICO’s latest information rights strategy. As well as health are the credit and finance, criminal justice, Internet and mobile services, and security sectors.
The ICO sets out a plan of 5 Es: eduate, empower, engage, enable and enforce. It is not purely about enforcement as it wants to educate and help too, but that is clearly the end result if there are problems. It wants to target its limited resources to the areas in which it perceives are the greatest need to act to protect individuals. It will consider the volume, nature and sensitivity of the data and the number of people affected. Ultimately, it will consider what is in the public interest.
The ICO wants to ensure that its activities are conducted transparently, proportionately, consistently, targeted and in an accountable way. It also wants to see a high proportion of the public aware of their privacy rights and how to enforce them.
The Information Rights Strategy can be found here: http://www.ico.gov.uk/about_us/plans_and_priorities/information_rights_strategy.aspx.