Advertisement

Information Commissioner’s Office to review public sector policy on financial penalties

The watchdog has announced an assessment of its current approach, which could mean reintroducing fines for public organisations.

black framed eyeglasses and black pen

For the past two years, the Information Commissioner’s Officer (ICO) has been trialling a ‘revised approach’ to data protection enforcement that saw it actively avoid issuing financial penalties. 

Introduced in June 2022, the decision to veer away from fines came at the same time as an announcement of increased support for government bodies and departments in improving standards. Rather than risk impacting already stretched budgets and in turn service provision, public reprimands became the go-to course of action in the event of compliance breaches. 

‘In June 2022 we revised our approach to working with public sector organisations and started a two-year trial, as set out in our open letter at the time,” a statement from the ICO at the time read. ‘While we have continued to issue fines to public bodies where appropriate, we have also been using our other regulatory tools to ensure people’s information is handled appropriately and money isn’t diverted away from where it’s needed the most.’

‘We will now review the two-year trial before making a decision on the public sector approach in the autumn. In the meantime, we will continue to apply this approach to our regulatory activities in relation to public sector organisations.’

There will now be a formal review of what effect this has had on compliance before a decision is made on whether to continue with the same policy, or overhaul the approach. In March, the ICO took action against five public authorities, including Sussex Police and South Yorkshire Police received enforcement notices for Freedom of Information failings. Meanwhile Department for Education, Foreign Commonwealth and Development Office, and the Financial Services Ombudsman were given practice recommendations setting out improvements for better compliance.  

Last month, the ICO confirmed a 160% rise in UK organisations registered as personal data processors for GDPR purposes. 

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Help us break the news – share your information, opinion or analysis
Back to top