Summary of IRQ0274721 - taken from e-mail of 21 October 2009

Prosecutions:

1) How many successful prosecutions has the ICO fielded in the last 3 years and what were the levels of fine imposed on each occasion by the courts (given the potential use of unlimited fines )?

2) How many times has the maximum fine been given out in the last 3
years?

3) Of those cases that have been considered for criminal action, how
many were finally subject to criminal proceedings and what was the
outcome in each case?

Enforcement Action:

4) In those cases where a breach of one of the eight data protection principles has occurred, what enforcement action was taken in each case?

Requests for Assessment:

5) In those cases where the ICO has considered the complaint under s42 of the DPA (as a `request for assessment') and upheld the complaint (whether remedial action was required to be taken or not), what was the outcome in each case?

6) In those cases where the where the ICO has considered the complaint under s42 of the DPA (as a `request for assessment'), how many complaints were not upheld?

7th data protection principle

I am particularly interested in Seventh Principle of the DPA - "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data ".

7) How many fines have been levied specifically in relation to the loss of data?

8) How many times was the maximum fine imposed in relation to the loss of data?

9) How many undertakings have been made by companies and individuals to comply with the DPA in the last 3 years and how many reported
breaches of those undertakings have taken place?