The Information Commissioner's Office (ICO)

The Information Commissioner’s Office (ICO) is the UK’s independent regulatory body set up to protect the public by upholding information rights.

They are responsible for data protection in England, Scotland, Wales and Northern Ireland and also hold some international duties.

The ICO is also responsible for Freedom of Information in England, Wales and Northern Ireland whilst the Scottish Information Commissioner is the responsible body in Scotland.

The ICO promotes data privacy for individuals through upholding the Data Protection Act and the Privacy and Electronic Communications Regulations. For businesses which breach the Data Protection Act, the ICO have a number of tools they can use including:
  • • Serve information notices requiring organisations to provide the Information Commissioner’s Office with specified information within a certain time period;

  • • Issue undertakings committing an organisation to a particular course of action in order to improve its compliance;

  • • Conduct consensual audits to check organisations are complying;

  • • Serve assessment notices to conduct compulsory audits to assess whether organisations’ processing of personal data follows good practice (data protection only);

  • • Issue monetary penalty notices, requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act occurring on or after 6 April 2010 or serious breaches of the Privacy and Electronic Communications Regulations;

  • • prosecute those who commit criminal offences under the Act; and

  • • Report to Parliament on data protection issues of concern.
The ICO enforces and oversees the following legislation:
  • • Data Protection Act 1998
  • • Freedom of Information Act 2000
  • • Privacy and Electronic Communications Regulations 2003
  • • Environmental Information Regulations 2004
All information taken from the ICO website