To ask the Secretary of State for Digital, Culture, Media and Sport, what enforcement action has been taken by the Information Commissioner's Office (ICO) as regulator against the ICO as a data controller for non-compliance by the ICO with its obligations under data protection legislation in each of the last five years.
Section 15 of the ICO’s service guide explains how they handle data protection concerns about the ICO. It explains that they will deal with such concerns in line with our usual procedures. There are also various options for redress should a complainant be dissatisfied with the ICO’s handling of a complaint against them. Part 5 section 166 of the DPA 2018 sets out a complainant’s powers to initiate a judicial review if they are not satisfied with the process followed by the ICO in handling an investigation into their complaint.
If, having exhausted the ICO's complaints procedure, an individual remains dissatisfied about any aspect of any service they have received from the ICO, or considers that the ICO has not acted properly or fairly, they can take the matter to the Parliamentary and Health Service Ombudsman. Complaints to the Ombudsman must be made through the individual's MP. Further information about the Ombudsman’s service can be found on their website http:// www.ombudsman.org.uk.
Complainants can also go to the courts to claim compensation should the complainant feel that is appropriate.
The number and outcome of any DP complaints about the ICO as a data controller will be published in their datasets online.
The ICO haven’t taken any formal regulatory action against themselves as data controller.