An article posted by data protection specialist Jon Baines on his personal blog revisits an earlier piece published on his employer's website in August 2023 concerning the criteria used by the Information Commissioner's Office (ICO) about its procedures for issuing formal reprimands. A freedom of information request at the time revealed that the ICO has no specific written policy covering the issuing of reprimands.
Over a year later, the ICO has still not clearly documented the process for making these decisions.
Baines writes that since January 2022, 84 reprimands have been made public, with the possibility of others that have not been disclosed. The ICO has acknowledged the absence of a specific written policy covering the issuing of reprimands and is reportedly working on formalising a process for reprimands. However, the lack of clarity regarding the criteria for issuing reprimands remains a concern for both organisations and the ICO itself. This ongoing ambiguity has left many questioning the basis for reprimands and the decision-making process behind them six years after the ICO gained the power to issue reprimands.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.
