Information Commissioner's Office
Housing developer fined for ignoring data request
Organisations have been reminded they could face a criminal prosecution if they fail to respect the public’s legal right to access their personal information.
The warning came from the Information Commissioner’s Office (ICO) after housing developer Magnacrest Ltd was fined by Westminster Magistrates for breaching data protection laws. The company did not comply with an enforcement notice issued by the ICO and so the regulator prosecuted.
The court heard that an individual had submitted a subject access request on 17 April 2017. A subject access request, or SAR, allows someone to request all the personal information an organisation holds about them.
But Magnacrest, based in Hazlemere, Buckinghamshire, failed to provide the information within the required timescale of 40 calendar days and the individual complained to the data protection regulator, the ICO.
The ICO served an enforcement notice on the company ordering it to comply with the law and provide the requested information.
When the company failed to obey the notice, the ICO brought a criminal prosecution under s47(1) of the Data Protection Act 1998.
Magnacrest pleaded guilty to a charge of failing to comply with an enforcement notice when it appeared before Westminster Magistrates on 6 February 2019. The company was fined £300, with a £30 victim surcharge, and was ordered to pay £1,133.75 towards prosecution costs.
Mike Shaw, the ICO’s Criminal Enforcement Manager, yesterday said:
“The right to access your own personal information is a fundamental and long-standing principle of data protection law. New laws brought into effect last May strengthen those rights even further.
“Organisations not only have to respect this right but must also respect notices from the ICO enforcing the law. If they fail to do so then they must accept the consequences, which can include a criminal prosecution.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation, the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Privacy and Electronic Communications Regulation 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit
- A limited number of criminal enforcement cases – including this case - are still being dealt with under the provisions of the Data Protection Act 1998 because of the time when the breach of the legislation occurred.
- Anyone who requests their personal information from a UK-based company or organisation is legally entitled to have that request answered, in full, under UK data protection law. This is called the right of subject access. Where organisations fail to
- meet their obligations, the ICO can issue an enforcement notice compelling them to do so. It's a criminal offence not to comply with it.
- Criminal prosecution penalties are set by the courts and not by the ICO. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns/
Latest News from
Information Commissioner's Office
ICO fines home security company for making thousands of nuisance calls14/06/2019 09:10:00
The Information Commissioner’s Office (ICO) has fined Smart Home Protection Ltd £90,000 for making nuisance calls to people registered with the Telephone Preference Service (TPS).
Former customer services officer fined after unlawfully accessing personal data10/06/2019 17:20:00
A former customer services officer at Stockport Homes Limited (SHL) has been found guilty of unlawfully accessing personal data without a legitimate reason to do so.
G20 Side Event - International Seminar on Personal Data05/06/2019 12:25:00
Speach given yesterday by the ICO at the G20 Side Event – International Seminar on Personal Data.
Blog: Counting the cost of accessing environmental information04/06/2019 11:10:00
Blog posted by: Gill Bull, Director of Freedom of Information, 03 June 2019.
When it comes to explaining AI decisions, context matters03/06/2019 12:25:00
Alex Hubbard, Senior Policy Officer at the ICO, looks at some of the key themes identified in the ICO and The Alan Turing Institute’s interim report about explanations of AI decisions.
Blog: GDPR – One Year on31/05/2019 09:10:00
Blog posted by: Elizabeth Denham, Information Commissioner, 30 May 2019.
Blog: ICO regulatory sandbox29/05/2019 12:25:00
Work begins on creating ICO Sandbox short list as application period closes.
Known security risks exacerbated by AI24/05/2019 09:25:00
As part of our AI auditing framework blog series, Reuben Binns, our Research Fellow in Artificial Intelligence (AI), Peter Brown, Technology Policy Group Manager, and Valeria Gallo, Technology Policy Adviser, look at how AI can exacerbate known security risks and make them more difficult to manage.