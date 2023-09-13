Information Commissioner's Office
|Printable version
UK Information Commissioner and NCSC CEO sign Memorandum of Understanding
The UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (NCSC), Lindy Cameron, yesterday signed a joint Memorandum of Understanding (MoU) that sets out how both organisations will cooperate.
The MoU recognises that whilst both organisations have distinct responsibilities, there are opportunities to align work on some shared issues and deconflict on others.
These include cooperation on the development of cyber security standards and guidance as well as influencing improvements in the cyber security of organisations regulated by the Information Commissioner’s Office (ICO).
The MoU reaffirms that the NCSC will never pass information shared with it in confidence by an organisation to the ICO without having first sought the consent of that organisation.
UK Information Commissioner John Edwards said:
"We already work closely with the NCSC to offer the right tools, advice and support to businesses and organisations on how to improve their cyber security and stay secure.
“This Memorandum of Understanding reaffirms our commitment to improve the UK's cyber resilience so people's information is kept safe online from cyber attacks."
NCSC CEO Lindy Cameron said:
“This new MoU with the Information Commissioner builds on our existing relationship and will boost the UK’s digital security.
“It provides us with a platform and mechanism to improve cyber security standards across the board while respecting each other’s remits.”
Key provisions in the new MoU include:
a. The Commissioner will encourage organisations to engage appropriately with the NCSC on cyber security matters, including the response to cyber incidents.
b. The Commissioner will also incentivise engagement with the NCSC, including recognising organisations affected by significant cyber incidents that report to and work with the NCSC. The ICO also commits to exploring how it can transparently demonstrate that meaningful engagement with the NCSC will reduce regulatory penalties.
c. The ICO will support the NCSC’s visibility of UK cyber attacks by sharing information with NCSC about cyber incidents, on an anonymised and aggregate basis, as well as incident specific details where the matter is of national significance. Doing so will help NCSC make the UK the safest place to live and work online, ensure its advice and guidance remains fit for purpose, and that NCSC services keep pace with the evolving threat landscape.
d. Where NCSC and ICO are both engaged on a cyber incident, they will endeavour to deconflict to minimise disruption to an organisation’s efforts to contain and mitigate harm. In doing so, the Commissioner will seek to enable organisations to prioritise engagement with the NCSC and their partners in the immediate aftermath where that will prioritise mitigative work.
e. NCSC and ICO will provide each other with ongoing feedback with a view to continuous improvement in relation to their collaboration.
f. The NCSC and ICO will work together to enhance cyber security guidance available and encourage its adoption.
Notes to Editors
- The NCSC, a part of GCHQ, is the UK’s technical authority for tackling cyber threats and works to defend the UK from cyber risks, deterring adversaries and developing cyber security capability, consistent with delivering the UK’s National Cyber Strategy. The NCSC also manages serious cyber incidents to reduce harm to the UK.
- The ICO is the independent regulator for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Commissioner is empowered to take a range of regulatory actions including enforcement of the Data Protection Act 2018 and the UK General Data Protection Regulation and the Network and Information Systems Regulations 2018 in respect of Digital Service Providers for which the ICO serves as competent authority.
Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/09/uk-information-commissioner-and-ncsc-ceo-sign-memorandum-of-understanding/
Latest News from
Information Commissioner's Office
ICO to review period and fertility tracking apps as poll shows more than half of women are concerned over data security07/09/2023 16:20:00
The Information Commissioner’s Office (ICO) is reviewing period and fertility apps as new figures show more than half of women have concerns over data security
ICO publishes new guidance on sending bulk communications by email31/08/2023 16:20:00
The Information Commissioner’s Office (ICO) yesterday issued a warning to organisations to use alternatives to the blind carbon copy (BCC) email function when sending emails containing sensitive personal information, following a catalogue of business blunders.
Joint statement on data scraping and data protection25/08/2023 09:10:00
The Information Commissioner’s Office and eleven other data protection and privacy authorities from around the world have today published a joint statement calling for the protection of people’s personal data from unlawful data scraping taking place on social media sites.
One in three young people falling prey to ‘text pests‘ as ICO calls for victims to come forward22/08/2023 14:10:00
The Information Commissioner’s Office (ICO) has today launched a call for victims of so-called ‘text pests’ to come forward to help the regulator gather evidence of the impact of this illegal behaviour.
ICO consultation on the draft biometric data guidance18/08/2023 12:25:00
The Information Commissioner’s Office (ICO) is producing guidance on biometric data and biometric technologies.
ICO response to a data breach at Norfolk and Suffolk Constabularies15/08/2023 14:10:00
Norfolk and Suffolk Constabularies have announced a data breach relating to responses for Freedom of Information (FOI) requests for crime statistics, issued between April 2021 and March 2022.
“We are continuing to deliver for the public” – ICO publishes practice recommendations and enforcement notices on FOI10/08/2023 16:10:00
The ICO has today published action on five public bodies – Liverpool City Council, London Borough of Tower Hamlets, the Medicines & Healthcare Products Regulatory Agency, the Ministry of Defence and the Environment Agency - for failures to meet expected standards in responding to Freedom of Information Act requests.
ICO statement in response to reports of a data breach at the Police Service of Northern Ireland10/08/2023 12:25:00
ICO statement given yesterday in response to reports of a data breach at the Police Service of Northern Ireland.
ICO and CMA: Harmful online design encourages consumers to hand over personal information09/08/2023 16:05:00
The Information Commissioner’s Office (ICO) and Competition and Markets Authority (CMA) are calling for businesses to stop using harmful website designs that can trick consumers into giving up more of their personal data than they would like.