The ICO exists to empower you through information.

The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.

Brief guidance 

A guide to information security

Guidance on information security, passwords, security outcomes, encryption and ransomware. 

Detailed guidance


Types of encryption, implementing encryption, information storage and information transfers.

Working from home

Bring your own device (BYOD), working from home securely, video conferencing and a security checklist. 

Personal data breaches

What is a personal data breach, when you need to report to the ICO, when you need to inform individuals and how to risk assess.

Email and security

Is an email address personal information, whether you should use BCC, and what other security measures to take.


Information security self-assessment 

Assess your compliance with data protection in information and cyber security, including policy and risk, mobile and home working, removable media, access controls and malware protection.

Help us improve our website