History of the ICO
Today, more than 300 staff are employed by the ICO in offices in Wilmslow, Northern Ireland, Scotland, Wales and London, handling more than 32,000 data protection complaints, 4,000 freedom of information complaints and 212,000 phone calls. The ICO also administrates over 334,000 entries on the Register of Data Controllers. But things started very differently.
On 12 July in 1984, the Data Protection Act received Royal Assent. The new Data Protection Act established eight principles as a code of good information handling practice, which registered data users were required to comply with.
We launched a new project aimed at embedding information rights into the UK education systems.
At the start of the year the Information Commissioner, Christopher Graham, was elected Vice Chair of the Article 29 Working Party.
In November, we served our first two monetary penalties under The Privacy and Electronic Communications Regulations, totalling £440,000, to the owners of a marketing company responsible for millions of unlawful spam texts.
We launched our ‘Data sharing code of practice’ at the House of Commons in May.
In November, we welcomed our new powers, enabling the ICO to impose monetary penalties of up to £500,000 for serious breaches of the Privacy and Electronic Communications Regulations.
In April, new powers to issue monetary penalties came into force, allowing the ICO to serve notices requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act.
Ken Macdonald was appointed Assistant Commissioner for Northern Ireland, in addition to his role as Assistant Commissioner for Scotland.
In October, we served our first two monetary penalties against the private company A4e and
In June, Richard Thomas was appointed a CBE for public service.
In December, the ICO gained some additional, limited responsibilities under the INSPIRE Regulations.
Deputy Commissioner Francis Aldhouse retired in January. In June, he was awarded a CBE for his work over 21 years.
On 1 January, the Freedom of Information Act 2000 was fully implemented. The Act was intended to improve the public’s understanding of how public authorities carry out their duties, why they make the decisions they do, and how they spend their money. Placing more information in the public domain would ensure greater transparency and trust, and widen participation in policy debate.
As a positive response to devolution and to provide direct support on local information issues, the ICO set up regional offices in Northern Ireland, Scotland and Wales.
In June, Elizabeth France was made a CBE for services to data protection.
In January, the office was given the added responsibility of the Freedom of Information Act and changed its name to the Information Commissioner’s Office.
The majority of the Data Protection Act comes into force. The name of the office was changed from the Data Protection Registrar to the Data Protection Commissioner. Notification replaced the registration scheme established by the 1984 Act.
The Data Protection Act 1998 received Royal Assent and the provisions of the Data Protection Telecommunications Directive (97/66/EC) relating to direct marketing by phone and fax came into effect.
The office conducted its first research to assess its own guidance.
DUIS, the Data User Information System, was implemented and the Register of Data Users was published on the internet. The number of new registrations totalled around 213,000. The office was represented at the Working Party of Data Protection Authorities which was set up under Article 29 of the Directive.
The Registrar set up an informal advisory board.
Eric Howe produced his last report as the Data Protection Registrar and retired in September.
The first series of free introductory seminars were held at venues throughout the UK. Two specialist seminars for the public sector and finance industry were also held in London.
The registration fee increased to £75 for three years.
The European Union published its draft directive on data protection and the Data Protection Tribunal had its first five hearings and made its first decisions.
The fee for registration increased to £56 for three years.
The registration fee increased to £40 for three years and the number of registration applications received rose to 150,000.
The Data Protection Act came fully into force on 11 November.
The enquiry line handled around 66,000 calls throughout the year.
Eric Howe’s office of about 10 people moved in April to Springfield House in Wilmslow, Cheshire. By the end of the year the Data Protection Registrar employed around 80. Around 70 of those were involved in running the registration scheme.
Eric Howe became the first Data Protection Registrar in September, assisted by a small office based in Bracken House, Charles Street, Manchester.