Consultation outcome

Extension of the Information Commissioner’s powers under the Data Protection Act 1998

This consultation was published under the 2010 to 2015 Conservative and Liberal Democrat coalition government

This consultation has concluded

Download the full outcome

Detail of outcome

Based on evidence presented by the Information Commissioner and the responses from NHS bodies and others to the consultation document, the government believes a compelling case has been made for extending the Information Commissioner’s Office’s powers of compulsory audit to public authority NHS bodies.

This will be done by way of a Designation Order, SI 2014/3282, entitled, ‘Data Protection (Assessment Notices) (Designation of National Health Service Bodies) Order 2014’. The Order comes into effect on 1 February 2015.

Original consultation

This consultation ran from to

Summary

We are seeking views from data controllers on our proposal to extend the commissioner's powers to carry out compulsory assessments.

Documents

Consultation document: extension of the Information Commissioner’s Powers

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email web.comments@justice.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Information Commissioner’s Code of Practice on Assessment Notices

This file may not be suitable for users of assistive technology. Request an accessible format.

If you use assistive technology (eg a screen reader) and need a version of this document in a more accessible format, please email web.comments@justice.gsi.gov.uk. Please tell us what format you need. It will help us if you say what assistive technology you use.

Consultation description

This consultation paper sets out our proposal to extend the powers of the Information Commissioner (ICO) to carry out compulsory assessments of NHS bodies’ compliance with the Data Protection Act 1998 and its data protection principles. It seeks views from data controllers in the health service and in health and social care across the United Kingdom.

The proposals are informed by the Information Commissioner’s experience working with NHS bodies to improve their compliance with data protection law.