|An Example Situation
A large public sector organisation had been audited regarding compliance with the Data Protection Act 1998. As a result of this senior management needed assistance in implementing the findings of the audit, and to ensure all aspects of the law were being complied with.
The organisation holds and processes information, some of which is sensitive, about its customers / clients. This could be potentially harmful should it fall into the "wrong hands".
A key concern of senior management was that should they receive a formal enquiry or compliant they would be criticised for failing to complete even the basic level of work to demonstrate compliance. The latter can be subject to scrutiny by the Information Commissioner who has powers to stop data being used. This is not an option for a large public sector body. Furthermore senior management were also concerned that public confidence could suffer if information they provided was not being handled and protected appropriately.