It is based on a new draft code of practice which sets out the privacy watchdog's proposed approach to running audits. Its powers to do so will come into effect in April.
The process will enable the ICO to assess whether organisations are processing personal information in line with the Data Protection Act (DPA) and to advise on best practice.
It said it will take a proportionate and risk-based approach to auditing, based on a range of intelligence including complaints received, business and media reports and annual statements issued by the organisation.
According to the draft, it will continue to request consent for an audit to be carried out where there are signs that personal information may be at risk. But when an organisation refuses to work with the auditing team, the ICO will be able to serve an Assessment Notice, effectively compelling the organisation to cooperate with the auditors.
Initially it will only be able to do this for central government departments, but it will be able to make a case for using the power more widely.
The draft code includes information on the factors considered before issuing an Assessment Notice, and also outlines the ICO's auditing framework to public and private sector organisations.
David Smith, deputy commissioner at the ICO, said: "Auditing plays a key role in educating and assisting organisations to meet their obligations under the Data Protection Act. We will work with organisations that want to get it right and are keen to follow best practice.
"However, those government departments less willing to work with us will face an Assessment Notice if there is evidence to suggest they are putting personal information at risk."





