The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

News releases - 2012

Subscribe via RSS

ICO announces latest list of authorities for FOI monitoring 
21 December 2012
The ICO has announced that four public authorities will be monitored for three months in the new year over concerns about the timeliness of their responses to Freedom of Information requests.

What did we learn in 2012? ICO highlights information revealed by FOI in your area 
20 December 2012
Any idea what links Roald Dahl and Lucian Freud? Or how many police and community officers have criminal records? What about the number of fake pound coins in circulation? And how much do you think it costs to re-stuff and re-condition a 120-year-old boa constrictor?

Local councils fined £300,000 for losing personal data
17 December 2012
The ICO has criticised local government’s attitude towards protecting personal data, after four local councils were issued civil monetary penalties.

ICO consults on subject access code of practice 
13 December 2012
The ICO has launched a consultation on a new draft code that will help organisations handle subject access requests, while supporting the public in taking control of their personal information.

Comment on the Joint Committee's Comms Data Bill report
11 December 2012
"As I have said throughout this process, it is ultimately for Parliament to judge the proposals contained in the draft bill...

Bank employee fined for reading partner’s ex-wife’s statements
6 December 2012
A bank employee has been fined after a court heard she unlawfully accessed bank statements of her partner’s ex-wife.

ICO statement in response to Lord Justice Leveson’s report
4 December 2012
The ICO has issued a statement in response to Lord Justice Leveson’s report.

Spam texters fined nearly half a million pounds as ICO cracks down on illegal marketing industry
28 November 2012
The ICO has today served monetary penalties totalling £440,000 on two owners of a marketing company which has plagued the public with millions of unlawful spam texts over the past three years.

Plymouth City Council fined £60,000 for sending child neglect report to wrong person
22 November 2012
The ICO has today served a monetary penalty of £60,000 to Plymouth City Council for a serious breach of the Data Protection Act where the details of a child neglect case were sent to the wrong recipient.

New anonymisation code sets out how to manage privacy risks and maintain transparency
20 November 2012
The ICO has today published its data protection code of practice on managing the risks related to anonymisation. The code explains how to protect the privacy rights of individuals while providing rich sources of data.

Prudential fined £50,000 for customer account confusion
6 November 2012
The ICO has issued a warning to the financial sector after a mix-up over the administration of two customers’ accounts led to tens of thousands of pounds, meant for an individual’s retirement fund, ending up in the wrong account.

Penalty highlights need for encryption of sensitive data
25 October 2012
The ICO is reminding organisations that sensitive personal information should be encrypted when being stored and sent electronically.

Police force pays £120,000 penalty for data breach
16 October 2012
An ICO investigation into a data breach at Greater Manchester Police has concluded with the force being fined for failing to take appropriate measures against the loss of personal data.

Private sector leads the way on data protection compliance but ‘room for improvement’ elsewhere
11 October 2012
A series of reports published by the The ICO today has highlighted the positive approaches many private sector companies are adopting to look after people’s data. However concerns remain about data protection compliance within the local government sector and the NHS.

‘Entirely avoidable’ loss of sensitive children’s records leads to penalty for London charity
10 October 2012
A social care charity has been served a monetary penalty of £70,000 after highly sensitive information about the care of four young children was lost after being left outside a London home, the ICO announced today.

Illegal marketers set for six figure penalty from the ICO
1 October 2012
The ICO has today confirmed that it is set to issue two monetary penalties totalling well over £250,000 to two illegal marketers who have been responsible for distributing millions of spam texts.

Cloud on the horizon for data-handling outsourcing
27 September 2012
The ICO has published guidelines to businesses today to underline that companies remain responsible for how personal data is looked after, even if they pass it to cloud network providers.

Report offers school data protection advice
17 September 2012
A report released today aims to help schools ensure they are handling pupils’ personal information in-line with the law.

Council fined £250,000 after employee records found in supermarket car park recycle bin
11 September 2012
A Council whose former employees’ pension records were found in an over-filled paper recycle bank in a supermarket car park have been fined £250,000 for the data breach.

Students reminded of their information rights on results day
15 August 2012
The ICO has reminded students of their information rights as this year’s A-Level results are soon to be published. Under the Data Protection Act students can see information held about them, such as a breakdown of their marks, by making a subject access request to the examination body.

Charities urged to sign up for ICO data protection ‘check up’ as top five tips revealed
8 August 2012
Charities and third sector organisations stand to benefit most from a data protection ‘check up’, the ICO confirmed today as the ICO published its top five areas for improvement for small and medium sized organisations.

Sensitive details of NHS staff published by Devon Trust
6 August 2012
A health trust in Torquay has been served with a £175,000 penalty after the sensitive details of over 1,000 employees were accidentally published on the Trust’s website, the ICO announced today.

Lancashire bar owner prosecuted for failing to register CCTV equipment
2 August 2012
A Lancashire bar owner has been prosecuted by ICO for failing to register his premises’ use of CCTV equipment.

ICO statement on Ministerial veto of ICO decision over Iraq Cabinet minutes
31 July 2012
The ICO has issued a statement in response to the Ministerial veto of an ICO decision over Iraq Cabinet minutes.

ICO statement on Google Street View data
27 July 2012
The ICO has issued the following statement today in response to information received from Google about the retention of Street View data.

ICO statement on post-legislative scrutiny of the Freedom of Information Act
26 July 2012
The ICO has issued the following statement today on the Justice Select Committee's post-legislative scrutiny of the Freedom of Information Act.

Council ordered to stop unlawful recording of taxi passengers’ conversations
25 July 2012
Southampton City Council has been ordered to stop the mandatory recording of passengers’ and drivers’ conversations in the city’s taxis, the ICO announced today.

ICO takes action after medical examination results are sent to the wrong address
12 July 2012
The ICO has issued a penalty of £60,000 to St George’s Healthcare NHS Trust in London after a vulnerable individual’s sensitive medical details were sent to the wrong address.

New guide explains the Environmental Information Regulations
11 July 2012
The ICO has today published a new plain English Guide to the Environmental Information Regulations (EIR) to help public authorities better understand how to apply them.

ICO shows its teeth, as the public’s concern over illegal marketing calls grows
5 July 2012
Organisations are learning the hard way of the consequences of mishandling people’s information – and others need to heed the lessons the Information Commissioner, Christopher Graham, warned today at the launch of the ICO’s 2011/12 annual report.

ICO statement on unwanted marketing calls and text messages
2 July 2012
The ICO has issued the following statement today on unwanted marketing calls and text messages.

ICO statement in response to Open Data White Paper
28 June 2012
The ICO has issued the following statement today in response to the publication of the Open Data White Paper.

Belfast Trust fined £225,000 after leaving thousands of patient records in disused hospital
19 June 2012
Belfast Health and Social Care Trust has been served with a Civil Monetary Penalty of £225,000 following a serious breach of the Data Protection Act , the ICO said today.

ICO launches IT security guide for small businesses
18 June 2012
The ICO has today published a new guide for small and medium sized businesses, showing a series of clear, practical steps they can take to help make their IT systems safe and secure.

ICO statement in response to the publication of the Communications Data Bill
14 June 2012
The ICO has issued a statement in response to the publication of the Communications Data Bill.

Telford and Wrekin Council fined £90,000 following disclosure of vulnerable children’s data
6 June 2012
Telford and Wrekin Council has been issued with a penalty of £90,000 by the ICO, following a breach of the Data Protection Act involving the disclosure of confidential and sensitive personal data relating to four vulnerable children.

NHS Trust fined £325,000 following data breach affecting thousands of patients and staff
1 June 2012
Brighton and Sussex University Hospitals NHS Trust has been served with a Civil Monetary Penalty of £325,000 following a serious breach of the Data Protection Act, the ICO said today.

ICO consults on new anonymisation code of practice
31 May 2012
The Information Commissioner’s Office (ICO) has begun a public consultation on a new anonymisation code of practice. The code will provide guidance on how information can be successfully anonymised and how to assess the risks of identification.

London NHS Trust fined £90,000 for serious data breach
21 May 2012
Central London Community Healthcare NHS Trust has been fined £90,000 following a serious breach of the Data Protection Act, the ICO announced today.

ICO to revise publication scheme requirements
17 May 2012
The ICO has today announced that new changes will be made to the information public authorities will need to release proactively as part of their publication scheme.

Council fined £70,000 for losing highly sensitive data
16 May 2012
The London Borough of Barnet has been issued with a penalty of £70,000 for losing paper records containing highly sensitive and confidential information, including the names, addresses, dates of birth and details of the sexual activities of 15 vulnerable children or young people.

ICO statement on the NHS Risk Register ministerial veto
8 May 2012
The ICO has issued a statement in response to the news that the Secretary of State for Health, Andrew Lansley, will be imposing the ministerial veto in relation to the disclosure of the NHS Risk Register.

ICO issues first penalty to the NHS following serious data breach
30 April 2012
A Welsh health board has become the first NHS organisation to be served a monetary penalty following a serious breach of the Data Protection Act, the ICO said today.

ICO report finds many people becoming a ‘soft touch’ for online fraudsters
25 April 2012
The ICO is urging consumers to take better care of their data, following an investigation into the trade in used hard drives. The ICO has published new guidance to help individuals securely delete personal information from their old devices.

ICO statement: London Marathon website possible data breach
24 April 2012
The ICO has responded to reports of a possible data breach on the London Marathon website.

ICO statement: response to concerns over Cabinet Office data sharing proposals
24 April 2012
The ICO has published a statement in response to concerns over Cabinet Office data sharing proposals.

Leicestershire County Council in data breach
17 April 2012
Leicestershire County Council have breached the Data Protection Act, following the theft of a briefcase containing sensitive personal data from a social worker’s home, the Information Commissioner’s Office said today.

Online security flaw leads to data breach at Toshiba
17 April 2012
Toshiba Information Systems (UK) have breached the Data Protection Act (DPA) after the personal details of 20 competition entrants were compromised by a security flaw on their website, the Information Commissioner’s Office (ICO) said today.

ICO statement on Operation Motorman
10 April 2012
The ICO has published a statement in response to the publication of material from the Operation Motorman files.

ICO statement: Response to concerns around government plans to monitor online communications and calls
2 April 2012
The ICO has responded to concerns around government plans to monitor online communications and calls.

Company directors use council employee to illegally access tenants’ details
30 March 2012
A Slough letting agent and one of its directors who unlawfully obtained details about their tenants from a rogue employee at Slough Borough Council have been found guilty of committing offences under Section 55 of the Data Protection Act 1998 (DPA).

Warwickshire-based company in medical data breach
27 March 2012
A Warwickshire-based company has committed to taking action to protect personal data, following a breach of the Data Protection Act (DPA).

Government departments speed up FOI response times – but six new public authorities told to improve
20 March 2012
The Information Commissioner has today welcomed improvements by the Ministry of Defence (MoD) and the Cabinet Office in their response times to freedom of information (FOI) requests. But, six more public authorities, including the Welsh Government, have been required to sign undertakings committing them to speeding up the time it takes to respond to requests.

Lancashire Constabulary receives penalty after loss of missing person’s report
14 March 2012
The ICO has served a monetary penalty of £70,000 to Lancashire Constabulary after papers containing sensitive information about a 15 year old girl were found on a street in Blackpool. This is the first penalty the ICO has served to a police force.

Scottish charity signs ICO undertaking following personal data theft
9 March 2012
A Scottish charity - based in Glasgow - breached the Data Protection Act after two unencrypted memory sticks and papers containing the personal details of up to 101 individuals were stolen from an employee’s home.

ICO statement on Department for Education decision notice
2 March 2012
The ICO has published a statement regarding a decision it issued in the case involving a request for information in an email sent by the Secretary of State for Education on a private email account.

University published personal data in online training manual
1 March 2012
Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the ICO said today.

The Information Commissioner presents ministerial veto report to Parliament
29 February 2012
The Information Commissioner has presented a report to Parliament setting out his response to Attorney General, Dominic Grieve’s, recent freedom of information veto.

Letting agent unlawfully tried to access tenant’s benefit details
27 February 2012
A letting agent who unlawfully tried to obtain details about a tenant’s finances from the DWP has been found guilty of an attempt to commit an offence under section 55 of the Data Protection Act and the Criminal Attempts Act.

Private detectives jailed for blagging: ICO statement
27 February 2012
The Information Commissioner has published a statement in response to today's convictions under the Fraud Act.

Council fined for serious email disclosure
15 February 2012
Cheshire East Council has been ordered to pay a monetary penalty of £80,000 for failing to take appropriate measures to ensure the security and appropriateness of disclosure when emailing personal information, the ICO said today.

Councils fined for serious data breaches
13 February 2012
The ICO has served monetary penalties totalling £180,000 to two councils for failing to keep highly sensitive information about the welfare of children secure. These latest penalties bring the total amount served by the ICO to organisations found in serious breach of the Data Protection Act to over one million pounds.

Councils must take data protection seriously, Information Commissioner warns
10 February 2012
Five councils breached the Data Protection Act by failing to keep people’s personal information secure, Information Commissioner, Christopher Graham, said today.

ICO statement on Devolution minutes
8 February 2012
The ICO has published a response to the government's decision to veto disclosure of minutes from the Cabinet Committee on Devolution.

Financial company loses over 600 customers’ details
3 February 2012
A financial services company with operations in the UK, USA and Middle East breached the Data Protection Act by losing over 600 customers’ personal details, the ICO said today.

Plain English Guide to Freedom of Information launched
30 January 2012
The Information Commissioner has today published a new plain English Guide to Freedom of Information to help public authorities better understand what the Act says and how to apply it.

Midlothian Council handed penalty for five serious data breaches
30 January 2012
The ICO has imposed a monetary penalty of £140,000 on Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions. The penalty is the first that the ICO has served against an organisation in Scotland.

Too many consumers being denied access to their information, says ICO
27 January 2012
Too many consumers are being denied the right to access the information that companies or public bodies hold about them, Information Commissioner, Christopher Graham, said today.

ICO statement: Initial response on the proposal for a new general Data Protection Regulation
25 January 2012
The ICO has issued a statement on the European Commission's proposal.

Action taken after care provider lost unencrypted memory stick
18 January 2012
A care provider with offices in Northern Ireland and the Isle of Man has taken action to improve its data protection practices following a joint ruling by the Information Commissioner’s Office and the Office of the Data Protection Supervisor.

Health worker convicted of obtaining patient details unlawfully
12 January 2012
A former health worker has pleaded guilty to unlawfully obtaining patient information by accessing the medical records of five members of her ex-husband’s family in order to obtain their new telephone numbers.