ICO issues details of cases that have not led to a fine

The ICO has announced a change to its policy which means that it will be publishing all reprimands, unless there is a good reason not to. The status of the reprimand reflects whether an organisation has completed the required actions or if it is still ongoing.

Information Commissioner John Edwards said:

“Whatever regulatory action we take, whether it is a reprimand or a fine, its value goes far beyond the individual organisation. Every regulatory action must be a lesson learned by the rest of the economy and play a role in behaviour change.”

Whilst this is useful material for DPOs and their privacy lawyers, publishing such information could also lead to unwanted publicity for companies that have had issues with their data protection compliance.

The ICO will not publish details of a reprimand where details involve national security or when publishing would be likely to jeopardise any ongoing investigation.

The ICO has published cases from the beginning of 2022. Details include the reprimands against Virgin Media Limited and Grindr LLC, which are both ongoing. The ICO says that the webpage is under development and will be updated in due course.

See: ICO - Reprimands

For more extensive coverage of today’s most important privacy issues, subscribe now to Privacy Laws & Business UK Report. The next issue, published next week, includes articles on Binding Corporate Rules – convergence between the UK and the EU, the ICO’s new marketing guidance, UK enforcement trends, ICO guidance on Transfer Risk Assessment, AI in recruitment, and the future of the DPO role.