ICO plans test lab to enable 'data protection by design'

DataIQ News

The Information Commissioner's Office plans to create a "regulatory sandbox", which will enable organisations to test their products and services against the regulatory requirements so that they can build in adequate data protection measures before launch.

The scheme forms part of the regulator's new Technology Strategy, which will run until 2021, and support the four-year Information Rights Strategic Plan announced in last year.

Both initiatives are designed to increase consumer trust in how both the public and private sectors handle data.

The sandbox replicates a scheme that was launched by the Financial Conduct Authority in 2016, which allows finance firms to test products, services, business models, and delivery mechanisms in a controlled environment to ensure consumer protections are in place.

Consultations with the tech industry on the creation of the sandbox are expected to begin later in the year, with the ultimate aim of creating "data protection by design".

The regulator has also vowed to tackle the lack of internal expertise in emerging fields such as cyber security, artificial intelligence, big data, machine learning, and IoT, and has committed to reskill and retrain its own workforce.

As part of this strategy, the regulator will appoint experts from other organisations on secondment as well as establish technology apprenticeships with universities and other education providers.

The ICO will also create post-doctoral scheme to increase in-house expertise and give staff easy access to advice. The first position will be a two-year progamme to investigate the impact of AI on data privacy.

In the document, Information commissioner Elizabeth Denham said: "Staying relevant in the context of ever changing technology must become a core component of the ICO's strategic goals, otherwise the ICO will fail to deliver the regulatory outcomes the public expect."