INDUSTRY FOCUS
ICO encouraging firms to put their heads in the 'sand'
The Information Commissioner's Office (ICO) plans to create a "regulatory sandbox" – a safe software testing environment - as part of its first ever technology strategy to help organisations build adequate data protection into their products before they are released.
The scheme forms part of the UK data watchdog's technology strategy which outlines eight priorities for the regulator between now and 2021, including educating both businesses and the public on emerging technologies such as AI (artificial intelligence) and Big Data.
One of those goals will be the creation of a sandbox that provides a means for organisations to test products and services they produce against the regulatory requirements enforced by the EU's General Data Protection Regulation (GDPR).
The ICO hopes this will allow for "data protection by design", where adequate safeguards can be baked into a product as it's being created.
The sandbox will draw upon an existing model that was deployed by the Financial Conduct Authority in 2016, which allows companies to test products, services, business models, and delivery mechanisms in a controlled environment to ensure consumer protections are in place.
Consultations with the tech industry on the creation of the sandbox are expected to begin later in the year.
The regulator also plans to tackle a lack of internal expertise in fields proving to be the most disruptive for businesses. This will involve the data watchdog committing to reskill and retrain its own employees. Specifically, the ICO wants to develop a better understanding of areas such as cyber security, artificial intelligence, big data, machine learning and the Internet of Things (IoT).
This will partly be remedied through the creation of technology apprenticeships at the ICO in partnership with UK universities, and by engaging with tech-focused professional bodies, academics, and industry and public sector networks, according to the regulator.
As part of this initiative, the ICO will create a two-year postdoctoral role looking at the effect of AI on data privacy. It will also establish an annual ICO conference on Data Protection and Technology to help showcase industry innovations, and a "panel of forensic investigators" that will support current regulatory investigations.
The 2018-21 strategy is underpinned by the idea that new technologies should not come at the expense of data protection and privacy rights, according to information commissioner Elizabeth Denham.
"Staying relevant in the context of ever changing technology must become a core component of the ICO's strategic goals, otherwise the ICO will fail to deliver the regulatory outcomes the public expect," said Denham.
The Technology Strategy will support an existing four-year Information Rights Strategic Plan announced in 2017 - an effort to increase public trust in government, public bodies and the private sector when it comes to user data.
