Informal action taken – we have determined that the breach as reported did not warrant use of our formal powers, such as a fine or reprimand. However, we did feel that some action was required, such as advice given. (Note: we changed our definitions of ‘informal action taken’ and ‘no further action’ in April 2021. This means there are far more cases recorded as ‘informal action taken’ since that date than before it, compared with ‘no further action cases’.)
Investigation pursued – the case is passed to our investigations or cyber investigations teams in order to determine what action, if any, is suitable in a particular case. This may not necessarily lead to a full investigation.
No further action – the investigations team has determined that no further action is required in response to the report. This could be because the issue did not involve any personal data or did not reach the threshold for action, for example. (Note: we changed our definitions of ‘informal action taken’ and ‘no further action’ in April 2021. This means there are far more cases recorded as ‘informal action taken’ since that date than before it, compared with ‘no further action cases’.)