At Big Brother Watch, we've long been critical of the repeated refusal of the Information Commissioner Christopher Graham (a very nice man) to use the powers he has to prosecute those who violate the UK's data protection laws.
In an article published today on Public Service Online, the Commissioner stated that the "big stick is there, but doesn't need to be deployed all the time to have an effect".
The Information Commissioner has proved himself to be hugely effective at policing public bodies who fail to discharge their obligations under the Freedom of Information Act - naming and shaming the worst performers, from central government to local authorities. He has also demonstrated an occasional willingness to get tough with organisations who lose sensitive personal information (the example of the large fine handed to Ealing and Hounslow Councils recently being one such example).
He has not, however, been pro-active in taking action to protect members of the public from online privacy infringements. In particular, he refused to pursue what he termed "knee-jerk" action against Google after they collected sensitive personal information from the home WiFi systems of thousands of people and has yet to pick a fight with any of the numerous online shops who have irresponsibility leaked client information.
While we appreciate the ICO is attempting to take a softly-softly approach in order to achieve long-term incremental improvements, he has his "big stick" for a reason. Occasionally, he needs to hit someone with it.