ICO releases the Information Commissioner's Annual Report and Statement 2015/16

The Information Commissioner’s Office (ICO) recently released the Information Commissioner’s Annual Report and Statement 2015/16, which provides an insight into the operation of the ICO over the past year from an operational perspective. You can read the full text of the report here, however at a glance the following points are worth noting, as they inform the key trends we are seeing in the market at a practical level:

• 2015/16 saw over 16,300 data protection concerns brought to the attention of the ICO. This was a 15.1% increase over the previous 12 month period and correlates with our own experiences – simply, data continues to be a crucial resource to many businesses and increasing awareness of the risks involved in mishandling personal data means that, more than ever before, full compliance with the data protection regime is crucial.
• Complaints about access to information from public authorities have also increased over the past year. As to this, we have continued to see a level of willingness from individuals to use the rights granted under the Freedom of Information Act 2000 (FOIA), and for our clients who engage with public authorities in a business context, it highlights the importance of an information strategy in both a proactive and reactive sense as a protective measure against unwanted disclosure of information.
• The main areas of risk for the ICO in the coming year relate to: (i) political uncertainty; (ii) managing change arising from the EU referendum result and from changes in ICO senior management; and (iii) being able to accurately identify emerging information rights issues. A general lack of certainty accords with our own view of the data privacy landscape moving forwards, and we are closely monitoring the impact of Brexit on the implementation of the GDPR as well as compliance in the longer term.
• A crackdown on unsolicited marketing was a feature of ICO enforcement action in the last 12 months, and a good understanding of the Privacy and Electronic Communications Regulations (PECR) continues to prove a must for marketers as a result.
• The ICO has identified six core objectives from a strategy perspective. These are set out in the report and form the basis against which the ICO measures its operational performance. As a natural consequence of its work, the ICO is focused on ensuring that information rights and obligations are better understood by data controllers, processors and subjects alike and that proportionate responses are taken in enforcement. This is against the backdrop of the law as it stands now, and the approval in April of the General Data Protection Regulation (GDPR) and the detailed changes it introduces means that this is likely to increase over the coming 12 months. Please see our guidance on the GDPR for further information

If you would like any further information on any of the points noted above or in relation to your data protection requirements more generally, then please contact Beverley Flynn on +44 (0) 1483 734264, Charles Maurice on +44 (0) 1483 406791 or your usual Stevens & Bolton contact.