Tech Insight: What (Actually) Is The ICO?

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

October 13, 2021

In this tech-insight, we look at the role of the Information Commissioner’s Office, and how it can be a source of valuable compliance information and help to businesses.

What Is It?

The Information Commissioner’s Office is the UK’s independent, non-departmental public body set up to uphold information rights in the public interest. The ICO also promotes openness by public bodies and data privacy for individuals. It is the regulator for Data Protection and Freedom of Information, with key responsibilities under the Data Protection Act 2018 (DPA) and Freedom of Information Act 2000 (FOIA), as well as UK GDPR and other acts. The ICO gives help and advice to individuals and businesses.

Who It Reports To

The ICO reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport. It has physical offices in Wilmslow (Cheshire), Cardiff, Edinburgh, and Belfast.

Who?

The current (although outgoing) Information Commissioner is Elizabeth Denham CBE, who was appointed UK Information Commissioner in July 2016. Her previous roles included Information and Privacy Commissioner for British Columbia, Canada, and Assistant Privacy Commissioner of Canada. In March 2018, she was named as the most influential person in data-driven business in the updated DataIQ 100 list and, in March 2019, she was appointed chair of the Governance Working Group of the International Conference of Information Commissioners (ICIC), a global forum for information commissioners and ombudspersons with 45 members across all continents.

In August this year, it was announced that the preferred new UK Information Commissioner is John Edwards, who has been New Zealand’s Privacy Commissioner since February 2014 and who has practised law in Wellington, New Zealand, for more than 20 years (specialising in information law).

Like What?

The ICO is the regulator responsible for data protection law. It gives advice and information, carries out enforcement, monitoring, audits and studies, makes recommendations and decisions, and is somewhere to complain to about matters like:

– Political campaigning practices (data analytics) e.g., transparency, ethics.

– Charity fundraising practices e.g., compliance laws that protect privacy and prevent nuisance phone calls.

– CCTV systems and facial recognition systems, matters of privacy and compliance with data protection laws.

– Credit and the uses of personal information e.g., by credit reference agencies (CRAs).

– Electoral registration.

– Nuisance marketing calls (enforcing the Privacy and Electronic Communications Regulations 2003). Nuisance calls can be reported to the ICO.

– Spam emails and texts (which can be reported to the ICO).

– Cookies.

– Data protection and journalism.

– Data held by the Police.

– Data protection matters for schools, universities, and colleges.

– Public data access rights.

Advice and Help For Businesses

The ICO provides guides to the legislation, resources, and support for businesses about obligations and how to comply under the Acts. Much of it can be found on the ICO website here: https://ico.org.uk/for-organisations/.

Examples of Action Taken

Part of the role of the ICO is to take action to ensure organisations meet their information rights obligations. Examples of action taken by the ICO can be found on their website here: https://ico.org.uk/action-weve-taken/.

Staying Independent Is Important

The outgoing Information Commissioner, Elizabeth Denham CBE, has warned (in a recent statement) that in order for the ICO to be able to hold the government to account, it is important that it preserves its independence in a way that is workable, within the context of the framework set by Parliament.

What Does This Mean For Your Business?

Businesses and organisations must comply with often complicated and changing data protection laws. Although the ICO is responsible for enforcing those laws, its primary role is really to help by giving advice and information. Its website is a useful resource and signposting point for businesses that want to stay up to date with the latest developments and news. The ICO is also a place for individuals and businesses to complain about practices such as spamming (calls, emails, and texts) or not responding to data requests; with enough complaints, this may result in action.
