Public Services > Central Government

ICO wants to build a cyber security community

Matteo Natalucci Published 13 April 2018

Elizabeth Denham outlines her vision on data security and privacy at the NCSC’s CYBERUK event


The Information Commissioner Elizabeth Denham shared her thoughts about cyber security and data protection at the National Cyber Security Centre’s (NCSC) CYBERUK 2018 even in Manchester.

Denham recognised that innovation is essential in the digital economy and announced, “We are establishing a ‘regulatory sandbox’, for you to develop innovative digital products and services, whilst engaging with us to make sure the right safeguards are in place. As part of the sandbox process we will advise you on mitigating risks and data protection by design”.

The sandbox is in the development stages and is expected to be launched in 2019.

It was announced that the ICO aims to build a new cohort of in-house experts by:

  • Developing new technology training programmes for its staff.
  • Introducing an ICO apprenticeship scheme, focussing on cyber security.
  • Expanding its in-house laboratory.
  • Running a secondment scheme, offering the chance to learn valuable new skills and to experience life in a different context

Commenting on Brexit in the context of data protection, Denham said “whilst the final legal relationship between the EU and the UK is one for the politicians, there is no doubt that achieving a treaty arrangement or an adequacy decision with the EU represents the simplest way of ensuring the continued frictionless flow of data between the EU and the UK.”

She added: “There is equally no doubt that having domestic laws that achieve a high standard of data protection and are broadly consistent with EU ones will be a significant advantage.”

Addressing the topic of privacy, the information commissioner said data security and data privacy have always been linked.

Denham said, “Privacy depends on security. All modern data protection principles include an obligation to protect personal data”.

“Security has been recognised in every significant codification of data protection, including the current Data Protection Act and the upcoming EU General Data Protection Regulation,” Denham added.

She said, “The new legislation also makes “data protection by design” a legal requirement, as well as the use of data protection impact assessments. The ICO has promoted privacy by design for years, and there’s plenty of guidance on our website.”

Denham also stressed the need of co-operation in the sector.

She said, “If left solely to the technology teams, security will fail through lack of attention and investment”.

“These companies may have the best policies in the world – but if those policies are not enforced, and personal data sits on unpatched systems with unmanaged levels of employee access, then a breach is just waiting to happen.” she said.

The commissioner also highlighted the role of teamwork at the boardroom-level.

Denham suggested, “Your data protection officer, your chief technology officer, and your chief information security officers should never be strangers. They may not be BFFs but they need to get along and respect one another’s briefs. Cyber-security is a team sport.

“Your board should approach every decision with an awareness of its impact on the security of your technology and information assets,” she said.

Denham discussed about the role of agile and multi-disciplinary partnerships with other regulators and official bodies in enhancing UK cyber security.   

“We are aligning our playbooks and testing them through the national exercises. We are co-ordinating our communications, guidance and incident responses with them, so that we can respond to large-scale data breaches appropriately,” she said.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.