The Information Commissioner’s Office (ICO) published its 2018/2019 Annual Report on 8 July 2019. Here is a short summary:
- The number of enquiries the ICO received increased by 66% to just under half a million.
- The number of data protection complaints almost doubled compared with the previous year.
- Subject Access Requests made up the largest category of data protection complaints (38%), followed by disclosure of data (16%).
- The ICO received notice of 13,840 personal data breaches (compared with 3,311 in 2017/2018); only 0.05% of which led to a monetary penalty or fine.
- The ICO issued 22 monetary penalty notices for breaches of the Data Protection Act 1998, with fines of a total of just over £3 million. The largest fines were to Equifax, Facebook, Uber, Yahoo! and the Crown Prosecution Service.
- The ICO received 6,418 complaints related to the Freedom of Information Act (FOIA) (compared with 5,705 complaints the previous year).
- More than 70% of appeals to the First Tier Tribunal against the ICO’s decision notices related to freedom of information failed.
- The ICO’s major investigations included the use of data analytics in political campaigning and the use of mobile phone extraction for policing purposes.
- In March 2019, the ICO’s regulatory sandbox received 64 applications.
- The ICO will deliver four statutory codes of practice during 2019 to 2020: the Age Appropriate Design Code, the Data Sharing Code (an update to the existing Code), the Direct Marketing Code, and the Data Protection and Journalism Code.
- In collaboration with the Alan Turing Institute, the ICO will also create guidance on the use of artificial intelligence and data.
If you would like any further information or advice, I can be contacted at: firstname.lastname@example.org