Giving evidence to the House of Commons Justice Committee hearing on the protection of private data, Information Commissioner Richard Thomas called for changes in the law and a rethink on government data-sharing between departments.

During more than an hour of evidence Thomas said his budget was insufficient and his powers too weak. The ICO total budget is £10m compared to £890m for Health and Safety or £143m for the Food Standards agency. The £10m comes from registration fees from data controllers - those deemed by the law to be liable not from the government.

He said the government's "vision" on data-sharing between government departments looked more at the benefits of such a policy, rather than addressing the inherent risks.

Thomas said: "There is excessive faith in technology perhaps without addressing the risks that go with collecting that information - that vision looks a little dated now."

On the ICO's powers, Thomas said he was asking for a new criminal offence to be created.

He also suggested that annual financial reports could include a statement that data security policies had been followed and would be signed off by chief executives or heads of government departments.

Thomas, who has had his job for five years, said: "We've been dissatisfied for some time with our powers. We can get a search warrant but that is the nuclear option - otherwise we need the organisation's consent and that seems bizarre. Most data regulators internationally have the right to inspect and most other UK regulators have that right."

Thomas explained that the ICO has the right to inspect international organisations, but not UK organisations. He said he welcomed the prime minister's instructions to departments to allow inspections, but wanted that backed up by legislation. He said: "It's an anomaly that doesn't make sense and reflects that data protection has not been taken seriously by successive governments."

The Information Commissioner also wants the power to require organisations to commission independent reviews of specific practices.

Asked about the ID card project, Thomas said it was difficult to comment in detail because the primary purpose of the cards was still not clear. ®

Related stories

Dell's slow response to straying data (24 January 2008)
http://www.channelregister.co.uk/2008/01/24/dell_data_breach/
TalkTalk and Carphone on the naughty step (16 January 2008)
http://www.theregister.co.uk/2008/01/16/ico_talktalk_carphone/
2007 worst ever year for data protection (7 January 2008)
http://www.theregister.co.uk/2008/01/07/lib_dems_data_losses/
Brown quizzed on gov IT failures (13 December 2007)
http://www.theregister.co.uk/2007/12/13/brown_quizzed_it/
Daring Register raid snatches key government URL (11 December 2007)
http://www.theregister.co.uk/2007/12/11/ukti_ictmarketingstrategy/
Info chief calls for data safeguards in wake of HMRC debacle (11 December 2007)
http://www.theregister.co.uk/2007/12/11/ico_identity_fraud_statement/
HMRC coughs to more data losses (6 December 2007)
http://www.theregister.co.uk/2007/12/06/hmrc_systemic_failures/
Ex-HMRC boss gets shiny new civil service post (4 December 2007)
http://www.theregister.co.uk/2007/12/04/hmrc_boss_new_job/
Civil service apologises for HMRC data loss (26 November 2007)
http://www.theregister.co.uk/2007/11/26/hmrc_data_loss_letter/
Senior officials now in frame for HMRC data fiasco (22 November 2007)
http://www.theregister.co.uk/2007/11/22/darling_disaster_good_id_cards/
Info chief renews call for data breach crime penalties (21 November 2007)
http://www.theregister.co.uk/2007/11/21/hmrc_spot_checks/
Darling's Data giveaway - what the readers say (21 November 2007)
http://www.theregister.co.uk/2007/11/21/reader_comments_on_hmrc/
Will Darling's data giveaway kill off ID cards? (21 November 2007)
http://www.theregister.co.uk/2007/11/21/response_data_breach/
Lost HMRC discs pop up on eBay (21 November 2007)
http://www.theregister.co.uk/2007/11/21/hmarc_ebay_auction/
How HMRC gave away the UK's national identity (20 November 2007)
http://www.theregister.co.uk/2007/11/20/hmrc_huge_data_loss/