Information Commissioner's Office
Open letter from UK Information Commissioner Elizabeth Denham to UK organisations
Dear data protection and freedom of information colleagues,
As organisations continue to adapt to respond to the challenges of COVID-19, I wanted to write to you setting out what continued support you can expect from my Office in the coming months, as we continue to adjust our approach to reflect these unprecedented times.
Throughout COVID-19, we have been offering practical support on new data protection questions that the pandemic has asked of your organisations. Whether you are a local business or a government department, we have been answering your questions on issues like working from home, collecting customer details for contact tracing and testing staff for coronavirus.
We know how hard you have been working to keep your organisation operating effectively. We know reassuring customers, staff and partners that their information is being looked after has been part of that work. We have been pleased that our timely and pragmatic advice has played a part in that.
We will continue prioritising practical advice that supports you through both the pandemic and recovery period.
We have also continued to provide our advice and support to organisations looking to innovate or do things differently. Good data protection enables innovation, because people’s trust in how you use their personal data plays a role in their overall confidence and support for your services.
In the past few months we have published guidance on how Artificial Intelligence can comply with the law, set out how we will support businesses to better protect children’s data online, and have confirmed our continuing support to innovators through partnership with other regulators. Our Sandbox continues to help organisations using personal data to develop innovative services, from the use of data to support student mental health wellbeing at universities to an airport looking to use facial recognition to replace boarding cards.
Our advice and support focuses firmly on enabling innovation to happen: the days when data protection regulation was seen as a blocker to innovative business have long passed.
We will continue offering this support, with guidance scheduled on data sharing and accountability, and an information hub dedicated to helping SMEs.
That work includes supporting public authorities around their freedom of information responsibilities, where we have recently published our self-assessment FOI toolkit.
As a regulator, our primary responsibility is to ensure compliance with the law. That might bring to mind images of ICO investigators chasing data protection rogues, but the reality is that modern regulation uses a wide range of tools.
Our fines and penalties may grab the headlines, but we know that our work alongside organisations, helping you to make changes and improvements to comply with the law, is the most effective way of reducing mistakes and misuse of people’s data. Working alongside organisations is also central to maintaining the availability of ‘everyday FOI’ that is such an important part of democracy.
Examples of this approach include working with public authorities and supermarkets, so they could share information to support people shielding during Covid-19. Our report into the extraction of data from the mobile phones of victims and witnesses set out expectations of the police that have since been accepted as a sensible and empathetic way forward. And on the access to information side, we have launched our Freedom of Information toolkit for public authorities.
Working with an organisation does not remove our ability to take formal action if needed, and we will always have a role in bringing to task those organisations that wilfully ignore the rules, or fail to take responsibility for their actions. That has not changed, nor has the legal requirement that we consider the operational and financial pressures an organisation is facing before we intervene. Measuring the success of regulation by how many organisations are penalised ignores the commitment and dedication I see every day from organisations that work hard to use personal information responsibly to achieve their goals.
I know many of you are focused on economic recovery plans now, and as your organisations recover, my regulatory approach will adjust to take account of increasing operational resilience.
We have updated our regulatory approach document today, informed by what you are telling us about your own capacity. It is another step towards returning to our approach before COVID-19, but with the caveats and exceptions that reflect today’s reality.
What does not change is our pragmatic approach and commitment to supporting your organisation to protect people’s information rights. That has been our approach throughout my time as Information Commissioner, and will continue when my five-year term comes to an end in July 2021.
I hope that gives you a clear picture of how the Information Commissioner’s Office will continue to support you in the coming months. If you need more information, if you have any questions, or if you simply want help finding the right data protection advice, then get in touch. There are full details on our website, at ico.org.uk/contact-us.