The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

News releases - 2011

News releases - 2011

Subscribe to our latest news

December

Receptionist unlawfully accessed sister-in-law’s medical details
16 December 2011
A receptionist who unlawfully obtained her sister-in-law’s medical records in order to find out about the medication she was taking has been found guilty of an offence under section 55 of the Data Protection Act.

ICO clarifies law on information held in private email accounts
15 December 2011
The ICO has today published new guidance making it clear that information concerning official business held in private email accounts is subject to the Freedom of Information Act.

'Must try harder’ on cookies compliance, says ICO
13 December 2011
Website owners ‘must try harder’ on complying with the new cookies law the ICO said today, as it published its half term report on enforcing the new rules. 

‘Significant progress’ made in spam texts investigation, says ICO
8 December 2011
‘Significant progress’ has been made in identifying those responsible for sending spam texts, the ICO said today. The update comes as figures from the ICO’s consumer survey show that 95% of people find spam texts either inconvenient, concerning or distressing.

Powys County Council fined £130,000 for disclosing child protection case details
6 December 2011
The ICO has today served a monetary penalty of £130,000 to Powys County Council for a serious breach of the Data Protection Act where the details of a child protection case were sent to the wrong recipient.

November

Monetary penalties served to councils for serious email errors
28 November 2011
The ICO has served monetary penalties to North Somerset Council and Worcestershire County Council after staff at both authorities sent highly sensitive personal information to the wrong recipients. The news comes as the Information Commissioner is pressing for stronger powers to audit data protection compliance across local government and the NHS.

ICO asks public to 'Tell Me More' about what information should be proactively released
25 November 2011
The ICO today launched a consumer campaign aimed at getting the public to offer their views about what information public authorities should proactively release.

Council warned after personal data was missing for two years
21 November 2011
Southwark Council breached the Data Protection Act by misplacing a computer and some papers containing 7,200 peoples’ personal information which were discovered in a skip earlier this year, the ICO said today.

Gambling worker guilty of selling 65,000 bingo players’ details
10 November 2011
A former gambling industry worker who unlawfully obtained and sold personal data relating to over 65,000 online bingo players has been found guilty of committing three offences under section 55 of the Data Protection Act.

University of Edinburgh appointed to lead research project on embedding information rights in schools
4 November 2011
The Centre for Research on Families and Relationships at the University of Edinburgh has been appointed to lead a research project on embedding information rights in the education system, Jonathan Bamford, Head of Strategic Liaison at the ICO, announced today.

ICO welcomes midata scheme
3 November 2011
Information Commissioner, Christopher Graham, today welcomed the launch of the government’s midata scheme – a voluntary partnership with businesses and consumer bodies that will give consumers access to their personal data in a portable, electronic format.

Council lost memory stick containing 18,000 residents’ details 
3 November 2011
Rochdale Metropolitan Borough Council breached the Data Protection Act by losing an unencrypted memory stick containing the details of over 18,000 residents, the ICO said today. The ICO has required the council to put changes in place and will check to ensure the improvements have been made.

October

Patients’ details binned on two occasions 
27 October 2011
University Hospitals Coventry & Warwickshire NHS Trust breached the Data Protection Act by losing patients’ medical information on two separate occasions, the ICO said today.

ICO statement on Justice Committee report, ‘Referral fees and the theft of personal data: evidence from the Information Commissioner’
27 October 2011
The Information Commissioner has issued a statement welcoming the support of the Justice Committee.

Students concerned that information online might affect their careers, says ICO - as it launches privacy awareness campaign
26 October 2011
Four out of ten students online (42%) are concerned that personal information available about them online might affect their future employment prospects, the ICO said today, as it launched its 2011 Student Brand Ambassador campaign.

Businesses ‘waking up’ to data protection responsibilities – but less than half of individuals believe that their data is handled properly
21 October 2011
Businesses may be ‘waking up’ to their obligations under the Data Protection Act (DPA) but public confidence in how personal information is being handled continues to decline, the ICO said today.

Compulsory audit powers needed for local government, the NHS and the private sector, says Information Commissioner
13 October 2011
Powers to conduct compulsory data protection audits in local government, the health service and the private sector are needed to ensure compliance with the law, the Information Commissioner said today at the 10th annual data protection compliance conference in London.

Laptop thefts highlight the need for encryption
5 October 2011
Two organisations have taken action after they breached the Data Protection Act by failing to encrypt personal information on laptops that were later stolen, the ICO said today.

September

The citizen should be in the driving seat over what information is made public, says Information Commissioner
28 September 2011
‘Transparency is not just about what the authorities choose to reveal to citizens; but what citizens have a right to ask to see,’ Information Commissioner, Christopher Graham, said today, in a speech to mark International Right to Know Day 2011.

ICO issues advice on the disclosure of research information 
26 September 2011
The ICO has today published guidance on freedom of information legislation and research information, aimed specifically at public authorities in the higher education sector.

ICO response to Wednesday's report in the Independent newspaper
14 September 2011
The ICO has responded to Wednesday's report in the Independent newspaper.

Cashier spied on sex attack victim’s bank records 
13 September 2011
Custodial sentences need to be available to the courts to stop the unlawful use of personal information, Information Commissioner Christopher Graham will say today in an appearance before the Justice Select Committee.

Children’s case files found in second-hand furniture shop
2 September 2011
The Scottish Children’s Reporter Administration (SCRA) breached the Data Protection Act by failing to keep sensitive information about the welfare of young people secure in two separate incidents, the Information Commissioner’s Office (ICO) said today.

August

Information rights should be embedded in schools, says ICO
30 August 2011
The importance of data privacy and access to official information should be embedded in the formal education process, the ICO said today, as it launched a research project to explore ways of getting information rights issues covered in primary and secondary education systems in the UK.

Disappointed students can request examiners’ comments under data protection laws, says ICO 
18 August 2011
Students who want to know exactly what the examiner thought of their work can request to see this information under the Data Protection Act, the ICO said today, as hundreds of thousands of students receive their A-Level exams results.

ICO audit finds improvements to Google’s privacy policies
16 August 2011
Google Inc. has taken reasonable steps to improve its privacy policies, the Information Commissioner’s Office (ICO) said today, following an audit at the company’s London office.

Online security must be a priority for retailers, says ICO
9 August 2011
Cosmetics retailer Lush breached the Data Protection Act after the security of its website was compromised for a four month period, the Information Commissioner’s Office (ICO) said today.

Thousands of tenants’ details found on memory stick left in a London pub
4 August 2011
Two London housing bodies breached the Data Protection Act after details relating to thousands of their tenants were discovered on an unencrypted memory stick left in a pub, the Information Commissioner’s Office said today.

ICO statement from the Information Commissioner on the government’s open data consultation
4 August 2011
The Information Commissioner has issued a statement welcoming the government’s open data consultation.

July

University breached law by making students’ details available online
20 July 2011
The University of York breached the Data Protection Act by failing to close a test area on its website that contained thousands of students’ personal details, the Information Commissioner’s Office said today.

Lancashire Police website mix-up led to data breach
19 July 2011
Lancashire Police Authority breached the Data Protection Act by accidentally publishing details of an individual’s complaint on their website, the Information Commissioner’s Office (ICO) said today.

ICO statement on today’s Cabinet Office transparency event
7 July 2011
The Information Commissioner has issued a statement welcoming today's commitments from the Government aimed at opening up public services and improving transparency.

Businesses must open their doors to audits, says ICO
6 July 2011
Businesses should be more willing to undergo data protection audits, the Information Commissioner, Christopher Graham, said today. The warning comes as figures published in the ICO’s annual report show that private companies reported the most data security breaches of any sector in 2010/11.

Health service must get it right on data security, says ICO
1 July 2011
The health service needs to do more to keep patients’ personal information secure, the Information Commissioner said today. The warning comes as the ICO finds a further five health organisations in breach of the Data Protection Act.

June

ICO hosts information sharing event in Belfast
27 June 2011
Organisations from across the public, voluntary and charity sector will be discussing the importance of effective data sharing at an event organised by the ICO in Belfast tomorrow.

Government departments commit to improve FOI response times
23 June 11
The Cabinet Office, the Ministry of Defence and Birmingham City Council have made a commitment to improve the time they take to respond to FOI requests, the ICO said today.

Commissioner orders disclosure of names of public sector workers earning over £150,000
22 June 2011
Information Commissioner, Christopher Graham, has today ordered the Cabinet Office to disclose the names of 24 public sector workers who earn more than £150,000.

Banks need to give customers better access to their information, says ICO 
20 June 2011
Banks and other financial service providers need to do more to fulfill their legal obligations to give customers access to the information they hold about them, David Smith, Deputy Commissioner at the ICO, said today.

ICO statement on investigation into claims about lost News of the World emails 
17 June 2011
The Information Commissioner has issued a statement about the ICO's investigation into claims about lost News of the World emails.

ICO hosts information sharing event in Glasgow 
15 June 2011
Organisations from across the public, voluntary and charity sectors will be discussing the importance of effective data sharing at an event organised by the Information Commissioner’s Office in Glasgow tomorrow.

ICO statement on loss of laptops at NHS North Central London 
15 June 2011
The Information Commissioner's Office has issued a statement in response to a report in the Sun newspaper about a data loss involving NHS North Central London.

ICO tells CCTV website Internet Eyes to make changes following privacy concerns
14 Jun 2011
The ICO has required CCTV monitoring website Internet Eyes to make significant changes to the way it operates after CCTV footage of a shopper was posted on You Tube.

Customer data thieves made to pay £73,700
10 Jun 2011
Two former employees of UK mobile operator T-Mobile who illegally stole and sold select customer data from the company in 2008 have today been ordered to pay a total of £73,700 in fines and confiscation costs as part of a hearing at Chester Crown Court.

ICO hosts information sharing event in Wales
09 Jun 2011
Organisations from across the public and voluntary sectors will today be discussing the importance of effective data sharing at an event organised by the ICO in Cardiff.

ICO issues monetary penalty over misdirected emails
09 Jun 2011
The ICO today served Surrey County Council with a monetary penalty of £120,000 for a serious breach of the Data Protection Act after sensitive personal information was emailed to the wrong recipients on three separate occasions.

Sensitive information stolen from council worker’s unlocked bag
08 June 11
North Lanarkshire Council breached the Data Protection Act after the theft of a home support worker’s bag containing papers which included sensitive personal information, the ICO said today.

May

Charities breached data rules over unencrypted computer thefts
27 May 2011
Sheffield-based charity Asperger’s Children and Carers Together (ACCT) and Nottingham-based charity Wheelbase Motor Project both breached the Data Protection Act by failing to encrypt computers that contained sensitive information relating to young people, the ICO said today.

Co-op Life Planning commits to take action after thousands of customers’ details were published online
26 May 2011
Co-operative Life Planning (CLP) breached the Data Protection Act by failing to ensure a contractor followed the company’s security procedures, the ICO said today.

ICO gives website owners one year to comply with cookies law
25 May 2011
Organisations and businesses that run websites aimed at UK consumers are being given 12 months to 'get their houses in order' before enforcement of the new EU cookies law beings, the ICO said today.

Welsh Assembly Government feature on latest FOI monitoring list
16 May 2011
On 12 April, the Information Commissioner’s Office published its latest list of public authorities being monitored over the time they take to respond to freedom of information requests. Following the lifting of the communications restrictions imposed by purdah, the ICO can now confirm that the Welsh Assembly Government is also included on this list.

Teenager’s personal details sent to wrong family
13 May 2011
Somerset County Council breached the Data Protection Act by sending a social service assessment about a local teenager to the wrong family, the Information Commissioner’s Office said today. The Council reported the breach to the ICO in February 2011, shortly after the incident took place.

School in Aberdare commits to improve handling of FOI requests
12 May 2011
Aberdare Girls’ School has signed a commitment to improve its freedom of information practices following concerns over the school’s handling of a Freedom of Information (FOI) request.

UK code of practice on data sharing launched
11 May 2011
A new statutory code of practice designed to help businesses and public sector bodies share people's personal information appropriately has been published today by the ICO.

ICO fines former ACS Law boss for lax IT security
10 May 2011
The owner of former solicitors firm ACS Law has been served with a monetary penalty for failing to keep sensitive personal information relating to around 6,000 people secure, the ICO said today.

ICO advice on new EU cookies published
09 May 2011
Advice on how businesses and organisations can comply with a new EU law on the use of cookies technology has been published today by the ICO.

April

Response to data breach involving Sony’s PlayStation Network
27 April 2011
The Information Commissioner’s Office has issued a statement in response to concerns over a data breach involving Sony’s PlayStation Network.

School in Oldham breaches Data Protection Act
21 April 2011
Freehold Community School in Oldham has been found in breach of the Data Protection Act after the overnight theft of an unencrypted laptop from a teacher’s car.

Lax IT security measures led to NHS data breach in Birmingham
20 April 2011
NHS Birmingham East and North breached the Data Protection Act by failing to restrict access to files on their IT network.

ICO welcomes new powers to fine organisations for unwanted marketing calls and messages
20 April 2011
The Information Commissioner has today welcomed new powers to serve monetary penalties of up to £500,000 for the most serious incidents of businesses and other organisations making unwanted marketing phone calls or sending unwanted marketing emails to consumers.

80 students’ details found in campus skip
19 April 2011
Norwich City College has breached the Data Protection Act by dumping sensitive personal information relating to around 80 students in a campus skip.

Government departments facing regulatory action for transparency delays
12 April 2011
Several public bodies, including the Cabinet Office and the Ministry of Defence, have failed to meet the requirement to reduce the time they take to respond to FOI requests, the ICO announced today.

Paper records management systems need to be more robust, ICO warns
11 April 2011
The ICO is reminding organisations about the importance of keeping paper records secure after it found two healthcare organisations in breach of the Data Protection Act for losing files.

Council printer mix up breached data protection laws
05 April 2011
The City of York Council breached the Data Protection Act by accidentally disclosing personal data to a third party following a printer mix-up, the ICO said today.

Cornwall health trust disclosed third-party personal data
04 April 2011
Royal Cornwall Hospitals NHS Trust breached the Data Protection Act by disclosing third-party personal data on two occasions, the ICO said today.

March

Being anonymous 'an ever increasing challenge' in 2011, says Information Commissioner
30 March 2011
Advances in the internet, the scale of public information collected by public bodies and businesses, and the pressure to share data in the name of efficiency, make being anonymous in 2011 'an ever increasing challenge' Information Commissioner, Christopher Graham, will say today at an ICO seminar on anonymisation.

Privacy rules must be respected in run up to UK referendum and forthcoming elections, ICO warns
29 March 2011
Political parties and campaigners must respect data protection law when campaigning for the upcoming UK referendum and local and national elections, the Information Commissioner’s Office (ICO) said today.

40% of home Wi-Fi users don’t understand security settings
16 March 2011
An online survey commissioned by the ICO has shown that 40% of people who have Wi-Fi at home do not understand how to change the security settings on their Wi-Fi networks. New ICO guidance on the issue of Wi-Fi security aims to get people thinking about whether they are doing enough to keep their connection secure.

Confidential records dumped in skip
15 March 2011
Wolverhampton City Council breached the Data Protection Act by allowing confidential personal information to be disposed of in a skip, the Information Commissioner's Office said today.

UK businesses must ‘wake up’ to new EU law on cookies, Information Commissioner warns
08 March 2011
Businesses and other organisations running websites in the UK must ‘wake up’ to the fact that EU legislation, which will require them to get consent in order to store or access information on consumers’ computers, is coming into force soon, Information Commissioner Christopher Graham will say today in a speech at the ICO’s annual Data Protection Officer conference in Manchester.

February

Council caught out after loss of memory stick
23 February 2011
Cambridgeshire County Council has signed an undertaking after breaching the Data Protection Act following the loss of a memory stick containing sensitive data relating to vulnerable adults.

Renewal applications lost by Passport Service
21 February 2011
The Identity and Passport Service (IPS) breached the Data Protection Act by losing the passport renewal applications of 21 individuals.

Council sent benefit details to wrong recipients
18 February 2011
The Isle of Anglesey County Council breached the Data Protection Act after sending benefit details to the wrong recipients.

ICO response to the government’s announcement on the Protection of Freedoms Bill
11 February 2011
The Information Commissioner's Office has issued a response to the government’s announcement on the Protection of Freedoms Bill.

Around 10,000 people's details land in the wrong inbox
11 February 2011
Gwent Police is taking remedial action after the Information Commissioner’s Office (ICO) found it in breach of the Data Protection Act for accidentally emailing information relating to Criminal Records Bureau (CRB) checks performed by the force to a member of the public.

Councils fined for unencrypted laptop theft
08 February 2011
The Information Commissioner’s Office today served Ealing Council and Hounslow Council with monetary penalties for serious breaches of the Data Protection Act after the loss of two unencrypted laptops containing sensitive personal information.

Glasgow children to learn about staying safe online
07 February 2011
The ICO will be hosting an event with the international initiative 'The i in online' for young people from Cleveden Secondary School in Glasgow later today.

Information Commissioner's response to the Government's crime mapping initiative
01 February 2011
The Information Commissioner has issued a response to the Government's crime mapping initiative.

January

80% of people concerned about their personal details online
28 January 2011
A survey has revealed that 80% of people are concerned about protecting their personal information online, the Information Commissioner's Office said today.

Belfast children to learn about staying safe online
28 January 2011
The ICO will be hosting an event with the international initiative 'The i in online' for young people at Wellington College Co-educational Grammar School in Belfast later today. The event forms part of the ICO's celebrations for European Data Protection Day.

Cheshire children to learn about staying safe online
28 January 2011
The ICO will be hosting an event with the international initiative 'The i in online' for young people at Priestly College, Loreto Grammar School, Culcheth Hall School, Cheadle Hulme School, Altrincham Grammar School for Girls and Fallibroome Academy at our offices in Wilmslow later today. The event forms part of the ICO's celebrations for European Data Protection Day.

Cardiff children to learn about staying safe online
28 January 2011
The ICO will be hosting an event with the international initiative 'The i in online' for young people at Radyr Comprehensive School in Cardiff later today. The event forms part of the ICO's celebrations for European Data Protection Day.

Vale of Glamorgan children to learn about staying safe online
28 January 2011
The ICO will be hosting an event with the international initiative 'The i in online' for young people at Stanwell School in the Vale of Glamorgan later today. The event forms part of the ICO's celebrations for European Data Protection Day.

Councillors urged to check their data protection obligations
25 January 2011
Councillors who handle personal data must check if they need to register as a data controller or risk a fine of up to £5,000, the Information Commissioner’s Office (ICO) said today. The ICO is writing to councillors across the country to urge them to check if they are fulfilling their legal requirements under the Data Protection Act.

Organ donation preferences of over 400,000 people recorded inaccurately
21 January 2011
The organ donation preferences of 444,031 people were recorded inaccurately on the Organ Donation Register (ODR) due to a software error, the Information Commissioner’s Office said today.

Department of Health ordered to release costs of flu vaccination
19 January 2011
The Information Commissioner's Office has ordered the Department of Health to disclose informating relating to the costs of purchasing the flu vaccine that was in use in February 2010.

Take control of your credit file in 2011 says ICO
17 January 2011
The Information Commissioner's Office is challenging the British public to make 2011 the year they ensure that their credit reference file is accurate and up to date.

ICO statement on investigation into 2006 FIFA World Cup ticket information disclosure
13 January 2011
The ICO has issued a statement in conclusion of its investigation into 2006 FIFA World Cup ticket information disclosure. The ICO has concluded that there is no evidence to suggest that any person has unlawfully obtained personal information within the UK, or that any person or organisation has breached UK data protection laws.

Top tips on freedom of information for communications professionals
12 January 2011
The Information Commissioner’s Office today published a set of top tips on freedom of information for communications professionals working in public authorities.

Information Commissioner’s response to the Government’s plans to extend the scope of the Freedom of Information Act
07 January 2011
The Information Commissioner has issued a statement which welcomes proposals that the Government has set out today on expanding the scope of the Freedom of Information Act.

Sensitive Scottish court records discovered at recycling bank
05 January 2011
The Scottish Court Service breached the Data Protection Act by failing to take sufficient steps to prevent court documents containing sensitive personal details being accidentally disposed of at a local recycling bank in Glasgow, the Information Commissioner’s Office said today.