Elizabeth Denham has today assumed her post as the head of Information Commissioner’s Office (ICO), Britain’s national data protection authority.

Denham replaces outgoing commissioner Christopher Graham who led the organization for seven years, offering guidance on topics like the EU data protection rules, online surveillance and the Safe Harbor framework.

“I am delighted to have taken up this position and am excited about the challenges ahead. I look forward to working with staff and stakeholders to promote openness by public bodies and data privacy for individuals,” Denham said.

Elizabeth Denham
Elizabeth Denham

New face of data protection

ICO looks after information rights in the UK, overseeing implementation of the Data Protection Act 1998, the Freedom of Information Act 2000 and the Privacy and Electronic Communications Regulations 2003.

In 2010, the organization was given powers to impose fines of up to £500,000 for data breaches and unlawful marketing practices.

From today onward ICO will be led by Denham, who will serve a five-year term as Information Commissioner.

Denham has held several senior positions in privacy regulation in Canada over the last 12 years. She served as the head of the Office of the Information and Privacy Commissioner for British Columbia since 2010. Between 2007 and 2010 she was the Assistant Privacy Commissioner of Canada in Ottawa, and between 2003 and 2007 - a director at the Office of the Information and Privacy Commissioner of Alberta.

“The work of the Information Commissioner is vital for public and business alike. I’m pleased that we are recommending Elizabeth Denham to take on this role. She has a track record of working with business and other stakeholders, as well as a proactive approach to enforcing data protection law,” Baroness Neville-Rolfe, minister for data protection, said in March.

Prior to the results of the referendum on the membership of the EU, it was thought that the greatest challenge for the incoming Information Commissioner would be the implementation of General Data Protection Regulation (GDPR) - a new Europe-wide legislation which is designed to give individuals greater control over their personal information.

Last month, the ICO confirmed that the UK will have to subscribe to provisions of GDPR if it wants to continue trading with the EU, even if it leaves the Union.