Privacy and Openness: Making a reality of Information Rights

2 Jul 2015 01:51 PM

ICO publishes annual report

The Information Commissioner talked of a year that marks the progress of data protection and freedom of information when he launched the ICO’s annual report yesterday.

Christopher Graham pointed to the strengthening of his regulatory powers to show how the legislation continues to develop. In the past year, the ICO was given powers to compulsorily audit NHS bodies for their data handling, while forcing a potential employee to make a subject access request for, for example, their spent criminal record was also made an offence. A law change also made it easier to issue fines to companies behind nuisance calls and texts.

Information Commissioner Christopher Graham said yesterday:

“It’s thirty years since this office was established in Wilmslow. We’ve seen real developments in the laws we regulate during that time, particularly over the past year. Just look at the EU Court of Justice ruling on Google search results, a case that could never have been envisaged when the data protection law was established.

“Our role throughout has been to be the responsible regulator of these laws. More than that, we work to demystify some of this legislation, making clear that data protection isn’t to be seen as a hassle or a duck-out, but a fundamental right.

“A good example of that is our role in the new data protection package being developed in Brussels. We’ve been asked for our advice, based on our experience regulating the existing law, while we’ve also provided a sensible commentary on proceedings for interested observers.

“That role will continue this year, in what promises to be a crucial twelve months. The reform is overdue, but it is vital that we get the detail right on a piece of legislation that needs to work in practice and to last.”

The Commissioner also reflected on the tenth anniversary of the Freedom of Information Act, which was implemented in January 2005.

“It is striking to see how decisions that were so hard fought in the early years have resulted in routine publication of information. Publication of safety standards of different models of cars, for example; or hygiene standards in pubs and restaurants; and surgical performance records of hospital consultants. Publication is now expected and unexceptionable.

“It’s been the ICO’s job to help public authorities to comply with requests,” Mr Graham will say. “The ICO’s role has led to information being released that time and time again has delivered real benefits for the UK.”

“Our Annual Report is our claim to be listened to in the debates around information rights. It shows the ICO knows what it is talking about.”

The ICO annual report reflects on the financial year 2014/15. Key stats include:

14,268 – data protection concerns received

£1,078,500 – total CMPs issued, £386,000 of which were for companies behind nuisance calls or texts

195,431 – helpline calls answered

11.4% - rise in number of concerns raised about nuisance calls and texts (to 180,188)

41 – audits conducted of data controllers (as well as 58 advisory visits to SMEs)

1,177 - Information requests responded to

4.9 million – number of visits to our website

The report can be read in full on the ICO website.

Notes to Editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO regulates the Data Protection Act 1998, the Freedom of Information Act 2000, the Privacy and Electronic Communications Regulations 2003 and the Environmental Information Regulations 2004. In Scotland, freedom of information is a devolved matter and Scottish public authorities are subject to the Freedom of Information (Scotland) Act 2002 which is regulated by the Office of the Scottish Information Commissioner in St Andrews.
  3. The ICO is on TwitterFacebook and LinkedIn. Read more in the ICO blog and e-newsletter.Our Press Office page provides more information for journalists.
  1. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is: