The UK's Information Commissioner's Office (ICO) is looking to spend around £3m on its IT, with an invitation for tenders expected at the end of next month, reports The Register.
Speaking at the Infosec conference in London, information commissioner Christopher Graham said the ICO hoped to publish its procurement notice in the Official Journal of the European Union, seeking a vendor to provide his office with IT services.
Graham said the office would be spending about 20% of its £15m budget on IT.
The commissioner also said that the ICO had handed out 14 civil monetary penalties (CMPs), the office's name for fines, for data protection breaches in the 18 months since he was given the power to do so.
Graham said that public bodies simply had more personal data than privatre sector businesses so their breaches were often more serious. The penalties were only meant to be used when there had been a serious breach and if the offenders quickly fixed the problem and put in policies to make sure it would never happen again, they may not be fined, he said.
Data protection breaches were also taken more seriously by the ICO when the data controller wasn't up to scratch or the business hadn't taken steps to ensure their staff handled private information carefully.
He cited the example of one local authority where child protection papers were faxed off to the wrong place.
"[The authority] said that all the policies were in place, everybody was trained, it was all fine, nothing to see here," he said.
"But my people said, "Certainly not, this could happen again tomorrow".
"It happened that afternoon, exactly the same stupid faxing error and that's one of the reasons why a CMP was appropriate."
The commissioner was also asked by an Infosec attendee what he thought of the proposed communications monitoring law and how that fit in with his mandate to protect people's privacy.
"You're referring to something that's called the communications capability directive. We believe there's going to be something in the Queen's speech, whether it's going to be a bill or a draft, I don't know," he said.
"I would prefer to wait and see what's in the bill, but... I think if you're going to justify this invasion of privacy, you've got to make your case for it and you've got to mitigate any threats by showing that you've got limitations in place... and safeguards to make sure this honeypot is not accessed by just anyone."
This article is published by Guardian Professional. For weekly updates on news, debate and best practice on public sector IT, join the Guardian Government Computing network here.
