The Information Commissioner’s Office is undergoing a major structural overhaul on the back of the imminent departure of three of its four-strong executive team, moving to a more collective model of leadership and a much larger senior management board.
The shake-up comes as the ICO is set to lose both its deputy commissioners – director of freedom of information Graham Smith and director of data protection David Smith – within weeks. To compound matters, Information Commissioner Christopher Graham is due to step down in June next year.
Graham Smith (pictured, middle) is leaving at the end of this week after 14 years as deputy commissioner to take up a position with the European Ombudsman in Brussels. He led the work to establish the ICO as the regulator for the Freedom of Information Act 2000 and he has had responsibility for its policy delivery function across both FoI and data protection.
Then next month, the other deputy commissioner, David Smith (pictured, far right), retires after 25 years’ service at the ICO and ten years as deputy commissioner. He is the longest serving chief at the ICO, sitting on both its management board and executive team. He joined the regulator – then known as the Office of the Data Protection Registrar – in 1990.
At the end of June 2016, Graham is also stepping down, having served seven years as Information Commissioner.
Graham said: “Replacing these two ICO experienced colleagues would have been a challenge in any event, but it has been complicated by the delay in concluding the Triennial Review of the ICO, launched a year ago at the initiative of the Cabinet Office.
“I am confident that the report on the ICO will be published in due course. But one of the matters under consideration in that Review was Lord Justice Leveson’s recommendation that the Information Commissioner should no longer be constituted as a ‘corporation sole’. Under the circumstances, I felt I could not simply replace the two Smiths with like for like appointments.”
From next month, Graham will be assisted by a senior management team of 12 colleagues, with the Simon Entwisle, the current deputy chief executive at the ICO, as deputy commissioner and deputy CEO with effect from November 1.
Graham added: “This new leadership structure is designed to build a strong platform for whatever changes are required of the ICO in the next year or so. Whatever the recommendations of the Triennial Review, we can anticipate that the new EU Data Protection Regulation will oblige the ICO to organise itself somewhat differently.
“This is simply because the new obligations to be placed on data protection authorities will oblige the ICO to do some things differently. But, until the negotiations in Brussels are concluded, we cannot know quite how differently we will need to be organised.
On his own imminent departure, Graham said: “I have lots still to do facing the immediate demands of dealing, for example, with the commission on the Freedom of Information Act, forthcoming surveillance legislation, what to do about international data transfers and Safe Harbor, nuisance phone calls, charity fundraising – and making sure I leave the ICO as a well-oiled machine, running at optimum efficiency and effectiveness. Our new collective leadership is helping me to do just that.”
Related stories
Double blow for UK data protection
Graham relishes 2 more years
ICO faces £43m funding black hole
Are data enforcers up to the job?