Dear Information Commissioner's Office,

In addition to the requests for information below, please provide the criteria that the ICO uses when assessing whether or not to prosecute under section 77 of the FoIA.

For each case below, please provide copies of all communications between your office and the named authority when dealing with each case below.

Please note that in each case there is an unlawful failure to provide information that is disclosable under the FoIA and in each case that withheld information is associated with child sex exploitation.
Further research has shown that the public authorities have the information, but have shown intent not to provide it, contrary to section 77 of the FoIA.
It is therefore required that the ICO, an office created to uphold the FoIA, initiate prosecutions, and enforce the law with the powers granted to it by Parliament.

Rotherham Metropolitan Borough Council
Case 1104-2021 10 March 2021
https://www.whatdotheyknow.com/request/c...

Please provide a date when I can expect either the receipt of all outstanding information or confirmation of a section 77 prosecution, or both.

South Yorkshire Police and Crime Commissioner
Case FOI 1335/21 11 April 2021
https://www.whatdotheyknow.com/request/c...

Please provide a date when I can expect either the receipt of all outstanding information or confirmation of a section 77 prosecution, or both.

Rotherham Metropolitan Borough Council
Case 670-2021 10 December 2020
https://www.whatdotheyknow.com/request/t...

Please provide a date when I can expect either the receipt of all outstanding information or confirmation of a section 77 prosecution, or both.

South Yorkshire Police
Case 20210259 30 January 2021
https://www.whatdotheyknow.com/request/c...

Please provide a date when I can expect either the receipt of all outstanding information or confirmation of a section 77 prosecution, or both.

Sheffield City Council
Case FOI/1673 6 February 2020

https://www.whatdotheyknow.com/request/c...
Please provide a date when I can expect either the receipt of all outstanding information or confirmation of a section 77 prosecution, or both.

The Local Government and Social Care Ombudsman

This case asked for local Ombudsman contact details, so that they might be directly informed of issues relating to child sex exploitation, insider dealing, and maladministration.
The information was refused and the ICO was informed.

Case 20/224 8 January 2021
https://www.whatdotheyknow.com/request/l...
South Yorkshire Police
Case 20202119 Review 20202122 10 March 2020
https://www.whatdotheyknow.com/request/c...

The ICO has upheld the decision of SYP to refuse to provide the information on the grounds that processing the original request would incur costs above the Section 12 limit.
The ICO advises that there is the option to place a new request that would not exceed the cost limit, whilst seeking the same information.
Advice will be taken before further action, as the issue is far too important to let go.
SYP have still to provide the case metadata, due shortly, [ December 2020 ] so this case remains open.

Please provide a date when I can expect either the receipt of all outstanding information or confirmation of a section 77 prosecution, or both.

I look forward to the early receipt of the above information.

Yours faithfully,

p cialfi

icoaccessinformation, Swyddfa'r Comisiynydd Gwybodaeth

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

2 June 2021

Case reference: IC-109610-D8X0

Dear P Cialfi

Thank you for your recent request for information. We received your
request on 24 May 2021. Your request has now been allocated to me to
consider under the reference number above.

In summary, your request asks:
"In addition to the requests for information below, please provide the
criteria that the ICO uses when assessing whether or not to prosecute
under section 77 of the FoIA.

For each case below, please provide copies of all communications between
your office and the named authority when dealing with each case below.”

Under statutory timeframes our response to your request is due by 22 June
2021. However, due to the pandemic it may not be possible to respond to
your request by this date. The ICO has arrangements in place in accordance
with UK Government guidelines to stop the spread of COVID-19, and we
continue to experience high demand for our services despite our reduced
capacity.

If you have any queries about this information request you may email us,
quoting our reference number in the subject line. Please note that
Information Access Officers are only able to address information requests
to ICO; they are unable to assist with complaints to ICO, or to provide
general advice about the legislation we oversee.

Our privacy notice explains what we do with the personal data you provide
to us when you make an information request:

[1]https://ico.org.uk/global/privacy-notice...

Thank you for your interest in the work of the Information Commissioner's
Office.

Yours sincerely

Antonia Swann
Lead Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [2]ico.org.uk  [3]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/global/privacy-notice...
2. https://ico.org.uk/
3. https://twitter.com/iconews
4. https://ico.org.uk/global/privacy-notice/

Dear ICO Casework,

Whilst the usual time for responding has passed, I acknowledge that you did in fact indicate that your response may be delayed.

Yours sincerely,

p cialfi

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

25 June 2021

Case reference: IC-109610-D8X0
Dear P Cialfi

Thank you for your email of 24 June 2021, and please accept our apologies
for the delay in our response to your information request.

Regrettably the current pandemic continues to cause disruption to our
processes, and in this instance has delayed our response to your request.

We are sorry for this delay, and appreciate your patience.

We will respond to your request as soon as possible, and will provide you
with either a further update or our final response by 23 July 2021.

Yours sincerely

Antonia Swann
Lead Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

dangos adrannau a ddyfynnir

Dear ICO Casework,

Thank you for your update.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20210625-15988-bw8qh8#English
2. file:///tmp/foiextract20210625-15988-bw8qh8#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

23 July 2021

Case reference: IC-109610-D8X0
Dear P Cialfi

Further to our previous email of 25 June, regrettably we are still not yet
in a position to respond to your information request.

We again apologise for this delay, and for any inconvenience caused.

We are actively working on your request and will respond as soon as
possible, and will provide you with either a further update or our final
response by 20 August 2021.

Yours sincerely

Antonia Swann
Lead Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/

Dear Information Commissioner's Office,

Please review your decision not to provide the information required.

Yours faithfully,

p cialfi

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

6 August 2021

Case reference: IC-109610-D8X0

Dear P Cialfi

Thank you for your email of 23 July 2021.

This correspondence will now be treated as a request for an internal
review of our handling of your request for information under the Freedom
of Information Act 2000.

We will aim to respond by 23 August 2021 which is 20 working days from the
day after we received your email, in accordance with our internal review
procedures.

Please note that we are still aiming to provide you with a final response
to your information request by Friday 20 August. 

Yours sincerely

Antonia Swann
Lead Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

------------------- Original Message

dangos adrannau a ddyfynnir

Please use this email address for all replies to this request:

[FOI #758215 email]

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:

[36]https://eur03.safelinks.protection.outlo...

For more detailed guidance on safely disclosing information, read the
latest advice from the ICO:

[37]https://eur03.safelinks.protection.outlo...

Please note that in some cases publication of requests and responses will
be delayed.

If you find this service useful as an FOI officer, please ask your web
manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------

References

Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://eur03.safelinks.protection.outlo...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. https://eur03.safelinks.protection.outlo...
32. http://ico.org.uk/about_us/how_we_work/s...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...
35. https://eur03.safelinks.protection.outlo...
36. https://eur03.safelinks.protection.outlo...
37. https://eur03.safelinks.protection.outlo...

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

10 August 2021 

Case Reference: IC-109610-D8X0 

Dear P Cialfi

I write in response to your request for internal review of 23 July 2021.

My name is Jessica Lalor and I am a Team Manager in the Information 
Access Team. I have been asked to review the way we have handled your
request for information. I can confirm that I have had no prior
involvement in the handling of this request.

Your request for review was on the basis that you have not yet received a
response to your request and we have therefore failed to respond to your
request within the 20 working days allowed by the legislation.

Our response has not been provided within the twenty working days allowed
by the FOIA. Clearly this is in breach of section 10 of the Act and I
therefore uphold your complaint on this basis, and apologise for the
continued delay. Nonetheless, in the circumstances, I am satisfied with
Antonia Swann's handling of the case and that they are actively working on
providing you with a response as quickly as possible. I have asked
that Antonia provides you a response or further update as to the progress
of this case within two weeks.

It may be helpful to understand that information access officers do not
deal with requests in isolation. Your request is being dealt with in
tandem with the hundreds of other requests we receive each month, which
also demand time and consideration, at a time when we are dealing with a
very high demand for our services. You will appreciate that a global
pandemic has further impact on the capacity of any organisation to
prioritise the handling of information requests, something which, as
regulator, we have recognised.

Nevertheless, I apologise that you have not received the service we would
have liked to have provided you with on this occasion. I confirm your
internal review challenge is upheld and I have asked that Antonia
Swann provide you with a response or further update in two weeks time.
Should you remain dissatisfied the steps available to you are outlined
below. This concludes my response to your internal review request.

Complaint procedure

If you are dissatisfied with the outcome of this review you can make a
formal complaint with the ICO in its capacity as the regulator of the
Freedom of Information Act 2000. Please follow the link below to submit
your complaint:

[1]https://ico.org.uk/make-a-complaint/

Your information

Please note that our Privacy notice explains what we do with the personal
data you provide to us and what your rights are.

This includes entries regarding the specific purpose and legal basis for
the ICO processing information that people that have provided us with,
such as an information requester.

The length of time we keep information is laid out in our retention
schedule, which can be found on our website.

Yours sincerely,

Jessica Lalor  
Information Access Team Manager 
Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 414 6497 [2]ico.org.uk [3]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice.

References

Visible links
1. https://ico.org.uk/make-a-complaint/
2. https://ico.org.uk/
3. https://twitter.com/iconews
4. https://www.ico.org.uk/privacy-notice

Dear ICO Casework,

Thank you Jessica Lalor.

I look forward to the information soon.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20210810-26297-4i33jw#English
2. file:///tmp/foiextract20210810-26297-4i33jw#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

20 August 2021

Case reference: IC-109610-D8X0

Dear P Cialfi

Further to our last email of 10 August, in which Jessica Lalor provided a
response to your request for a review of our handling of your information
request, we're sorry to advise that we are still unable to respond to your
information request.

We apologise again for this delay, which we appreciate will be
frustrating, but please be assured that we are actively working on your
request

We will respond as soon as we can, and in any event will provide you with
a further update or our final response by 3 September 2021.

Yours sincerely

Antonia Swann
Lead Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/

Dear ICO Casework,
Thank you for your notice of 20 August 2021 saying that you are again delaying the provision of information.
I am very disappointed.
What is causing these constant delays?
Yours sincerely,
p cialfi
21 August 2021

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20210821-2170-1krk8bv#English
2. file:///tmp/foiextract20210821-2170-1krk8bv#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

Gadawodd p cialfi anodiad ()

Gamekeeper or Gatekeeper?
These constant delays bring the ICO outside and in breach of section 10.
No reasonable justification has been provided for these delays, which constitute refusals.
Refusals should be provided by S17, quoting exemptions referenced in the FoIA that are alleged to have been engaged.
The ICO is the expert on FoIA, so these failures can reasonably be considered as wilful i.e. a breach of S77 by an ICO that may believe that it is above the law it was created to enforce.
Whilst Contempt of Court proceedings against the ICO for failure to comply may be in the minds of those at the ICO, waiting for an outcome is not a legitimate exemption to disclosure.
It is interesting that the seemingly bizarre behaviour of the ICO here consistently involves cases of child sex exploitation.
Judges need to know what is going on.

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

2 Atodiad

4 November 2021

Case reference: IC-109610-D8X0

Dear P Cialfi

Further to your information request to the Information Commissioner's
Office of 24 May 2021, please find our response attached.

Yours sincerely

Antonia Swann
Lead Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/

Dear ICO Casework,
Child Sex Exploitation
Thank you for your recent email concerning cases originated via these pages ( wdtk ).
Whilst some material has been provided, it is regrettable that we are no further forward.
The authorities and institutions holding information about child sex exploitation have not provided the information required.
It is also unfortunate that the false claim of S12 ( cost ) has been upheld - the claim is simply not true and the wdtk thread with SYP shows this - the question is simple, WHO ordered the senior police detective to 'wind his neck in' - that question does not require expenditure exceeding the S12 limit.

You say that you are going to send further information via my private email.
I am happy for that information to be posted on these pages.
Upon receipt, I will then weigh my options.

Yours sincerely,

p cialfi

Dear ICO Casework,

Could you please provide an update on this case, and post on these pages.

I have not received a response from 4 November 2021, notwithstanding your previous statement of opinion.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20220202-23212-kwg529#English
2. file:///tmp/foiextract20220202-23212-kwg529#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

3 February 2022

Case reference: IC-109610-D8X0

Dear P Cialfi

Further to your email of 2 February 2022, you have queried why we have not
responded to your previous correspondence of 4 November 2021.

We sent two emails to you on 4 November 2021, one via your ‘What Do They
Know?’ (WDTK) account and the other to your private email address, both
containing our combined response to your information request.

In your reply to us via WDTK of 4 November you commented on your
complaints to the ICO, and stated:

“You say that you are going to send further information via my private
email.

I am happy for that information to be posted on these pages.

Upon receipt, I will then weigh my options.”

In spite of your suggestion that we could post our response to your
private email address on your WDTK account, we did not consider this
appropriate.

As far as we are concerned we have responded to your information request
in full, via your WDTK account and private email address, and consider
this information request to be concluded.

However, if you did not receive our response to your private email address
of 4 November please let us know, and we will send it again.

Any other issues relating to your complaints to the ICO would need to be
raised directly with the relevant case officers, using your private email
account. WDTK is designed solely to facilitate information requests under
the Freedom of Information Act 2000 and the Environmental Information
Regulations 2004, and should not be used to exchange correspondence with
public authorities about other matters.

Yours sincerely

Antonia Swann
Senior Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/

Dear ICO Casework,

Thank you for your reply.

Could you please resend your reply on this wdtk site only.

A: You made a quote about to where you may send information.
I did NOT give permission to send responses to my private email address.
You have written:
"In spite of your suggestion that we could post our response to your
private email address on your WDTK account, we did not consider this
appropriate."

B. Those cases have developed, so more information should be available, hence my email.
Whilst you may claim that the request is closed, I respectfully do not agree.

C. Please carry out the following two activities:
C1. Please review the decision(s) made by the ICO in this case, and
C2. Please provide the metadata related to this case.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat.  If you have any special requirements that mean
you would like us to communicate with you in a specific way, please let us
know and we will make adjustments if we can.
 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20220205-16312-jk5gvt#English
2. file:///tmp/foiextract20220205-16312-jk5gvt#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

18 February 2022

Case reference: IC-109610-D8X0

Dear P Cialfi

Further to your email of 5 February 2022, you have raised some more points
you wish us to address.

Point A

You have asked us to reply on this WDTK site only. However, your
information requests to the ICO often relate to complaints you have made
to us, and the information we hold includes your personal data. As such
your requests become a subject access request under data protection
legislation, and it is not appropriate to use the WDTK site for this
correspondence.

We would remind you that the WDTK site confirms it is “A site to help
anyone submit a Freedom of Information request”.

Also, the WDTK ‘House Rules’ page sates:

“Use WhatDoTheyKnow only to request specific information, not for general
correspondence with public authorities, and certainly not for personal
correspondence.”

and

“Only use WhatDoTheyKnow.com to request information which anyone could
expect to obtain if they requested it. If you have a specific right to
information, for example you are seeking your own personal information,
then you should correspond privately with the public body concerned to
request it. Requests for your own personal data are known as Subject
Access requests and [1]the Information Commissioner has published advice
on making such requests.”
Going forward we will only correspond with you via WDTK in connection with
an FOI request, where disclosure to the wider public is appropriate.

If you continue to use WDTK to raise queries or make subject access
requests for your own personal data then, in view of your instruction not
to contact you via your private email address instead, we may not be able
to reply at all.

Point B

You have referred to your complaint cases with the ICO, and suggested that
“more information should be available”.

If you wish to have an update on the current position of each case you
will need to contact the relevant case officer directly, preferably by
replying to their previous correspondence using the given ICO email
address and reference number quoted in the subject line.

If you wish to make a request for any additional, new information held in
connection with any of those cases, then you should submit a new request
to the ICO privately, and not via WDTK. We cannot consider previous or
existing requests to apply to new information as it is created, on a
rolling basis.

You have also referred to our statement that we consider this information
request to be closed, but you do not agree.

We responded to your information request, via WDTK and your private email
address, on 4 November 2021. We accept our response was late, and outside
the statutory response times under both Freedom of Information Act 2000
and the GDPR, and have apologised for this.

Despite this, in our view we have provided you with all the information to
which you were entitled. The information you sought was either provided to
you, or we confirmed it was not held. No information was withheld.

As far as we are concerned this information request is now concluded.

Point C

You have asked “Please review the decision(s) made by the ICO in this
case”.

By “this case” we assume you mean this information request to the ICO, and
NOT one of your complaint cases.

If this is correct, we would point out that in accordance with our review
procedure we ask that any request for a review is submitted within 40
working days of our response. As our response was sent on 4 November, that
40 day deadline has now expired, we do not intend to carry out a review.

You may still submit a complaint to the ICO as regulator of the Freedom of
Information Act 2000 about our response to this request, but bear in mind
they may refuse to accept your complaint due to the time elapsed since our
response, and on the grounds no review has been carried out.

You have also asked “Please provide the metadata in this case”.

Assuming this is a new request for information, we would ask for
clarification before we can consider this further.

For example, we do not know what you mean by ‘metadata’.

It is also not clear which case you are referring to, for example if you
are asking for information about this information request case, under our
reference IC-109610-D8X0, or another case you have with us.

Either way, the likelihood is your new request is asking for your own
personal data, and we will not deal with it over WDTK.

Instead, we would ask that you submit your request again via your private
email account, and provide the clarification we need by clearly stating
what information you are seeking access to and which cases you are
referring to by reference number.

Yours sincerely

Antonia Swann
Senior Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [2]ico.org.uk  [3]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/your-data-matters/you...
2. https://ico.org.uk/
3. https://twitter.com/iconews
4. https://ico.org.uk/global/privacy-notice/

Dear ICO Casework,

I have taken independent advice on this case.

You say you refuse to answer questions on this site because to do so would mean disclosing my personal details.

Given that I have posted on this web site, any restriction on publication of your response is waived.

Please confirm that, in future, if this web site is used for enquiries for which the ICO is required to respond, then the ICO shall provide prompt and full disclosures on this web site.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

 

 

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. If you have any special
requirements that mean you would like us to communicate with you in a
specific way, please let us know and we will make adjustments if we can.

 

If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our website (www.ico.org.uk) for
relevant guidance, as we are updating this all the time. You should read
our [1]Guide to the UK GDPR. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it. But
will do our best to provide you with the information you need.

 

 

If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the responsible organization (for a data
protection complaint) or the responsible public authority (for a freedom
of information complaint) first. Please make sure you have sent us a copy
of their final response to you. We will assign your complaint to a case
officer as soon as we can, and they will contact you in due course.

 

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the First-tier Tribunal to require us to respond
to your complaint or to provide you with information about its progress.
(www.gov.uk - information rights and data protection: appeal against the
Information Commissioner)

 

 

If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about data breach reporting on our website.

 

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting. (www.ncsc.gov.uk
-incident-management)

 

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action
Fraud (www.actionfraud.police.uk) - the UK’s national fraud and cybercrime
reporting centre. If your organisation is in Scotland, then reports should
be made to Police Scotland (www.scotland.police.uk).

 

 

 

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via the secure portal that can be found
on the PECR pages of our website.

 

 

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the NIS Regulations on our website.

 

 

If you represent an organization and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the eIDAS regulation on our
website.

 

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the action we've taken on nuisance messages on our
website.

 

 

 

If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our public and statutory service levels. For more
information please visit our webpage ‘request information from us’ (go to
our homepage and follow the link for ‘about the ICO’ and ‘our
information’).

 

 

 

If you have only copied your correspondence to us - we will not respond.

 

 

 

There is more detailed information, including information on our current
response times, on our service standards and what to expect webpage. You
can also call 0303 123 1113, we welcome calls in Welsh on 029 2067 8400.
You can also contact us on live chat (please visit our webpage ‘contact
us’ and ‘live chat’).

 

 

For information about what we do with personal data please see our privacy
notice: https://ico.org.uk/global/privacy-notice/

 

 

Yours sincerely

 

 

The Information Commissioner’s Office

 

 

 

 

 

 

 

 

 

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Rydym
yn cadarnhau bod eich gohebiaeth wedi dod i law. Os oes gennych unrhyw
ofynion arbennig sy'n golygu yr hoffech i ni gyfathrebu â chi mewn ffordd
benodol, rhowch wybod i ni a byddwn yn gwneud addasiadau os gallwn.

 

 

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [2]gwefan
(www.ico.org.uk) i chwilio am ganllawiau perthnasol, gan eu bod yn cael eu
diweddaru drwy’r amser. Hefyd dylech ddarllen ein [3]blogiau ynghylch
‘mythau’r GDPR’. Os ydych wedi codi cwestiwn sydd wedi’i ateb ar ein
gwefan, mae’n bosibl y byddwn yn ymateb drwy anfon dolen atoch i gysylltu
â’r ateb.  Ond fe wnawn ein gorau glas i roi’r wybodaeth angenrheidiol
ichi

 

 

 

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r sefydliad cyfrifol
(cwyn am ddiogelu data) neu’r awdurdod cyhoeddus cyfrifol (cwyn am ryddid
gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u hymateb
terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn gynted ag y
gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

 

 

 

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ICO ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd
eich cwyn. (www.gov.uk - information rights and data protection: appeal
against the Information Commissioner)

 

 

 

 

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am roi gwybod am droseddau data ar ein gwefan.

 

 

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.
(www.ncsc.gov.uk -incident-management)

 

 

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud (www.actionfraud.police.uk) –
sef canolfan genedlaethol y Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a
seiberdroseddau. Os yw eich sefydliad yn yr Alban, yna i Heddlu’r Alban y
dylech chi roi gwybod (www.scotland.police.uk).

 

 

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [4]porth diogel sydd ar
gael ar y tudalennau ar ein gwefan sy’n ymwneud â’r PECR.

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am Reoliadau’r NIS ar ein gwefan.

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am Reoliad eIDAS ar ein gwefan.

 

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am y camau rydyn ni
wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

 

 

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein lefelau gwasanaeth
statudol a chyhoeddus. I gael rhagor o wybodaeth, ewch i’n tudalen gwe
‘request information from us’ (ewch i’n tudalen hafan a dilynwch y ddolen
‘about the ICO’ ac ‘our information’).

 

 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

 

Mae gwybodaeth fanylach, gan gynnwys gwybodaeth am ein hamserau ymateb
presennol, ar ein tudalen gwe safonau gwasanaeth a beth i’w ddisgwyl.
Gallwch ffonio hefyd ar 029 2067 8400, neu yn Saesneg ar 0303 123 1113.
Gallwch gysylltu â ni hefyd i gael sgwrs fyw (ewch i’n tudalen gwe
‘contact us’ a ‘live chat’).

 

 

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein hysbysiad preifatrwydd: https://ico.org.uk/global/privacy-notice/

 

 

Yn gywir

 

 

Swyddfa’r Comisiynydd Gwybodaeth 

 

References

Visible links
1. https://ico.org.uk/for-organisations/gui...
2. https://emea01.safelinks.protection.outl...
3. https://ico.org.uk/for-organisations/gui...
4. https://report.ico.org.uk/security-breach/

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

18 October 2022

Case reference: IC-109610-D8X0

Dear P Cialfi

Further to your email of 13 October 2022, you have again raised the issue
of the ICO’s refusal to respond to your information requests via the
WhatDoTheyKnow website where they constitute a subject access request.

Specifically, you have asked “Please confirm that, in future, if this web
site is used for enquiries for which the ICO is required to respond, then
the ICO shall provide prompt and full disclosures on this web site.”.

In short, our answer is no.

We would refer you once again to our previous response of 18 February
2022, under Point A, where we clearly set out the reasons why we will not
respond to any subject access request or enquiry via WDTK.

To repeat, the WDTK site was created to facilitate information requests
under the Freedom of Information Act 2000 only.

Yours sincerely

Antonia Swann
Senior Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [1]ico.org.uk  [2]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice

dangos adrannau a ddyfynnir

Dear ICO Casework,
22 October 2022
https://www.whatdotheyknow.com/request/c...

It was previously written:
"You say you refuse to answer questions on this site because to do so would mean disclosing my personal details.
Given that I have posted on this web site, any restriction on publication of your response is waived.
Please confirm that, in future, if this web site is used for enquiries for which the ICO is required to respond, then the ICO shall provide prompt and full disclosures on this web site.!

Your reply was 'No'

Please process your response and have it posted on this site.
Please escalate this issue to your line manager.
Please raise this issue of your refusal as my formal complaint against the ICO.

It is important that the ICO is publicly seen to be open, honest, transparent and accountable.
By refusing, the public can have no confidence that the ICO is being open, honest, transparent and accountable.
Given the recent Professor Jay report, the ICO should be especially open with respect to an issue of such national concern as child sex exploitation, rather than being secretive.
It is noted that the ICO has refused to process a metadata request upon the ICO with respect to child sex exploitation, claiming, in effect, that it is manifestly unreasonable to be reasonably persistent to ask for information about child sex exploitation.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

 

 

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. If you have any special
requirements that mean you would like us to communicate with you in a
specific way, please let us know and we will make adjustments if we can.

 

If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our website (www.ico.org.uk) for
relevant guidance, as we are updating this all the time. You should read
our [1]Guide to the UK GDPR. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it. But
will do our best to provide you with the information you need.

 

 

If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the responsible organization (for a data
protection complaint) or the responsible public authority (for a freedom
of information complaint) first. Please make sure you have sent us a copy
of their final response to you. We will assign your complaint to a case
officer as soon as we can, and they will contact you in due course.

 

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the First-tier Tribunal to require us to respond
to your complaint or to provide you with information about its progress.
(www.gov.uk - information rights and data protection: appeal against the
Information Commissioner)

 

 

If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about data breach reporting on our website.

 

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting. (www.ncsc.gov.uk
-incident-management)

 

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action
Fraud (www.actionfraud.police.uk) - the UK’s national fraud and cybercrime
reporting centre. If your organisation is in Scotland, then reports should
be made to Police Scotland (www.scotland.police.uk).

 

 

 

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via the secure portal that can be found
on the PECR pages of our website.

 

 

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the NIS Regulations on our website.

 

 

If you represent an organization and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the eIDAS regulation on our
website.

 

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the action we've taken on nuisance messages on our
website.

 

 

 

If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our public and statutory service levels. For more
information please visit our webpage ‘request information from us’ (go to
our homepage and follow the link for ‘about the ICO’ and ‘our
information’).

 

 

 

If you have only copied your correspondence to us - we will not respond.

 

 

 

There is more detailed information, including information on our current
response times, on our service standards and what to expect webpage. You
can also call 0303 123 1113, we welcome calls in Welsh on 029 2067 8400.
You can also contact us on live chat (please visit our webpage ‘contact
us’ and ‘live chat’).

 

 

For information about what we do with personal data please see our privacy
notice: https://ico.org.uk/global/privacy-notice/

 

 

Yours sincerely

 

 

The Information Commissioner’s Office

 

 

 

 

 

 

 

 

 

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Rydym
yn cadarnhau bod eich gohebiaeth wedi dod i law. Os oes gennych unrhyw
ofynion arbennig sy'n golygu yr hoffech i ni gyfathrebu â chi mewn ffordd
benodol, rhowch wybod i ni a byddwn yn gwneud addasiadau os gallwn.

 

 

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [2]gwefan
(www.ico.org.uk) i chwilio am ganllawiau perthnasol, gan eu bod yn cael eu
diweddaru drwy’r amser. Hefyd dylech ddarllen ein [3]blogiau ynghylch
‘mythau’r GDPR’. Os ydych wedi codi cwestiwn sydd wedi’i ateb ar ein
gwefan, mae’n bosibl y byddwn yn ymateb drwy anfon dolen atoch i gysylltu
â’r ateb.  Ond fe wnawn ein gorau glas i roi’r wybodaeth angenrheidiol
ichi

 

 

 

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r sefydliad cyfrifol
(cwyn am ddiogelu data) neu’r awdurdod cyhoeddus cyfrifol (cwyn am ryddid
gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u hymateb
terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn gynted ag y
gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

 

 

 

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ICO ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd
eich cwyn. (www.gov.uk - information rights and data protection: appeal
against the Information Commissioner)

 

 

 

 

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am roi gwybod am droseddau data ar ein gwefan.

 

 

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.
(www.ncsc.gov.uk -incident-management)

 

 

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud (www.actionfraud.police.uk) –
sef canolfan genedlaethol y Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a
seiberdroseddau. Os yw eich sefydliad yn yr Alban, yna i Heddlu’r Alban y
dylech chi roi gwybod (www.scotland.police.uk).

 

 

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [4]porth diogel sydd ar
gael ar y tudalennau ar ein gwefan sy’n ymwneud â’r PECR.

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am Reoliadau’r NIS ar ein gwefan.

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am Reoliad eIDAS ar ein gwefan.

 

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am y camau rydyn ni
wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

 

 

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein lefelau gwasanaeth
statudol a chyhoeddus. I gael rhagor o wybodaeth, ewch i’n tudalen gwe
‘request information from us’ (ewch i’n tudalen hafan a dilynwch y ddolen
‘about the ICO’ ac ‘our information’).

 

 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

 

Mae gwybodaeth fanylach, gan gynnwys gwybodaeth am ein hamserau ymateb
presennol, ar ein tudalen gwe safonau gwasanaeth a beth i’w ddisgwyl.
Gallwch ffonio hefyd ar 029 2067 8400, neu yn Saesneg ar 0303 123 1113.
Gallwch gysylltu â ni hefyd i gael sgwrs fyw (ewch i’n tudalen gwe
‘contact us’ a ‘live chat’).

 

 

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein hysbysiad preifatrwydd: https://ico.org.uk/global/privacy-notice/

 

 

Yn gywir

 

 

Swyddfa’r Comisiynydd Gwybodaeth 

 

References

Visible links
1. https://ico.org.uk/for-organisations/gui...
2. https://emea01.safelinks.protection.outl...
3. https://ico.org.uk/for-organisations/gui...
4. https://report.ico.org.uk/security-breach/

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

28 October 2022

Our reference: IC-109610-D8X0
Dear P Cialfi,

Further to your email of 22 October 2022, you have asked the ICO to take
three separate actions. Our response to each is detailed below.

“Please process your response and have it posted on this site.”

In line with our previous responses to this same question, our answer
remains no.

“Please escalate this issue to your line manager.”
Your email of 22 October is being treated as a service complaint about our
response to this information request, submitted via WDTK, and has been
passed to one of the Information Access Team Managers.

You can expect a full response by 21 November 2022. This is 30 calendar
days from the date we received your complaint. If for any reason we cannot
respond by this date we will let you know and tell you when you can expect
a response.

“Please raise this issue of your refusal as my formal complaint against
the ICO.”
The ICO as a regulator will not accept complaints submitted via WDTK. We
repeat, the sole purpose of WDTK is to facilitate information requests
made under the Freedom of Information Act 2000.

You will need to submit your complaint by a different means. The ICO
recommends that complaints are made using the online ‘Make a complaint’
link here:

[1]Make a complaint | ICO

Yours sincerely

Antonia Swann
Senior Information Access Officer
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0330 414 6894  [2]ico.org.uk  [3]twitter.com/iconews

Please consider the environment before printing this email

For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice

dangos adrannau a ddyfynnir

Dear ICO Casework,

Thank you for your reply, in which you again refuse to publish your responses on this web site.
It is important that through the use of this wdtk web site the principles of openness, honesty, transparency and accountability can be publicly seen to be upheld.
I have now made a formal complaint to the ICO and reasonably expect that the whole issue will be considered, not just a single point, as there is a tendency for individual aspects to be diminished in significance absent whole context.
Whether you reply by email or not is up to you, although not my wish.
However, in whatever format you respond, the outcomes shall be published on this site so that the public can see the progress of this and the related cases.

Yours sincerely,

p cialfi

icocasework, Swyddfa'r Comisiynydd Gwybodaeth

 

 

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. If you have any special
requirements that mean you would like us to communicate with you in a
specific way, please let us know and we will make adjustments if we can.

 

If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our website (www.ico.org.uk) for
relevant guidance, as we are updating this all the time. You should read
our [1]Guide to the UK GDPR. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it. But
will do our best to provide you with the information you need.

 

 

If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the responsible organization (for a data
protection complaint) or the responsible public authority (for a freedom
of information complaint) first. Please make sure you have sent us a copy
of their final response to you. We will assign your complaint to a case
officer as soon as we can, and they will contact you in due course.

 

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the First-tier Tribunal to require us to respond
to your complaint or to provide you with information about its progress.
(www.gov.uk - information rights and data protection: appeal against the
Information Commissioner)

 

 

If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about data breach reporting on our website.

 

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting. (www.ncsc.gov.uk
-incident-management)

 

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action
Fraud (www.actionfraud.police.uk) - the UK’s national fraud and cybercrime
reporting centre. If your organisation is in Scotland, then reports should
be made to Police Scotland (www.scotland.police.uk).

 

 

 

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via the secure portal that can be found
on the PECR pages of our website.

 

 

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the NIS Regulations on our website.

 

 

If you represent an organization and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the eIDAS regulation on our
website.

 

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the action we've taken on nuisance messages on our
website.

 

 

 

If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our public and statutory service levels. For more
information please visit our webpage ‘request information from us’ (go to
our homepage and follow the link for ‘about the ICO’ and ‘our
information’).

 

 

 

If you have only copied your correspondence to us - we will not respond.

 

 

 

There is more detailed information, including information on our current
response times, on our service standards and what to expect webpage. You
can also call 0303 123 1113, we welcome calls in Welsh on 029 2067 8400.
You can also contact us on live chat (please visit our webpage ‘contact
us’ and ‘live chat’).

 

 

For information about what we do with personal data please see our privacy
notice: https://ico.org.uk/global/privacy-notice/

 

 

Yours sincerely

 

 

The Information Commissioner’s Office

 

 

 

 

 

 

 

 

 

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Rydym
yn cadarnhau bod eich gohebiaeth wedi dod i law. Os oes gennych unrhyw
ofynion arbennig sy'n golygu yr hoffech i ni gyfathrebu â chi mewn ffordd
benodol, rhowch wybod i ni a byddwn yn gwneud addasiadau os gallwn.

 

 

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [2]gwefan
(www.ico.org.uk) i chwilio am ganllawiau perthnasol, gan eu bod yn cael eu
diweddaru drwy’r amser. Hefyd dylech ddarllen ein [3]blogiau ynghylch
‘mythau’r GDPR’. Os ydych wedi codi cwestiwn sydd wedi’i ateb ar ein
gwefan, mae’n bosibl y byddwn yn ymateb drwy anfon dolen atoch i gysylltu
â’r ateb.  Ond fe wnawn ein gorau glas i roi’r wybodaeth angenrheidiol
ichi

 

 

 

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r sefydliad cyfrifol
(cwyn am ddiogelu data) neu’r awdurdod cyhoeddus cyfrifol (cwyn am ryddid
gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u hymateb
terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn gynted ag y
gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

 

 

 

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ICO ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd
eich cwyn. (www.gov.uk - information rights and data protection: appeal
against the Information Commissioner)

 

 

 

 

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am roi gwybod am droseddau data ar ein gwefan.

 

 

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.
(www.ncsc.gov.uk -incident-management)

 

 

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud (www.actionfraud.police.uk) –
sef canolfan genedlaethol y Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a
seiberdroseddau. Os yw eich sefydliad yn yr Alban, yna i Heddlu’r Alban y
dylech chi roi gwybod (www.scotland.police.uk).

 

 

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [4]porth diogel sydd ar
gael ar y tudalennau ar ein gwefan sy’n ymwneud â’r PECR.

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am Reoliadau’r NIS ar ein gwefan.

 

 

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am Reoliad eIDAS ar ein gwefan.

 

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am y camau rydyn ni
wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

 

 

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein lefelau gwasanaeth
statudol a chyhoeddus. I gael rhagor o wybodaeth, ewch i’n tudalen gwe
‘request information from us’ (ewch i’n tudalen hafan a dilynwch y ddolen
‘about the ICO’ ac ‘our information’).

 

 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

 

Mae gwybodaeth fanylach, gan gynnwys gwybodaeth am ein hamserau ymateb
presennol, ar ein tudalen gwe safonau gwasanaeth a beth i’w ddisgwyl.
Gallwch ffonio hefyd ar 029 2067 8400, neu yn Saesneg ar 0303 123 1113.
Gallwch gysylltu â ni hefyd i gael sgwrs fyw (ewch i’n tudalen gwe
‘contact us’ a ‘live chat’).

 

 

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein hysbysiad preifatrwydd: https://ico.org.uk/global/privacy-notice/

 

 

Yn gywir

 

 

Swyddfa’r Comisiynydd Gwybodaeth 

 

References

Visible links
1. https://ico.org.uk/for-organisations/gui...
2. https://emea01.safelinks.protection.outl...
3. https://ico.org.uk/for-organisations/gui...
4. https://report.ico.org.uk/security-breach/

ICO Casework, Swyddfa'r Comisiynydd Gwybodaeth

11 November 2022 

Case Reference: IC-109610-D8X0 

Dear P Cialfi 

I write in response to your email of 22 October and your subsequent emails
in which you have complained about how Ms Swann has handled the response
to your information request. My name is Ian Goddard, I am an Information
Access Group Manager and I have been asked to review your complaint. I can
confirm I have had no prior involvement in the handling of your request.
The basis of your service complaint appears to be that you are
dissatisfied with our decision to not provide a response to your subject
access request or enquiries via the WDTK website despite the fact you have
requested, and given consent, for us to do so.

In short, I do not uphold your complaint. Ms Swann has explained, on
several occasions now, the reasons why we will not be responding to
subject access requests or general enquiries through the WDTK website, and
I am in full agreement with her reasoning and approach.

For these reasons I do not uphold your service complaint. This concludes
my consideration of the issues you have raised. I do not intend to
communicate with you further regarding this matter and the appropriate
next steps should you wish to pursue your complaints further are set out
below.

If you believe that the ICO has provided you with a poor service, or if
you believe we have not treated you properly or fairly then you may be
able to complain to: The Parliamentary and Health Service Ombudsman
(PHSO), Millbank Tower, Millbank, London, SW1P 4QP.
All complaints to the PHSO must be made through an MP. If you require
further information about the PHSO, you can call its helpline on 0345 015
4033 or visit its website ([1]www.ombudsman.org.uk).
Your information
Please note that our [2]Privacy notice explains what we do with the
personal data you provide to us and what your rights are.
This includes entries regarding the specific purpose and legal basis for
the ICO processing information that people that have provided us with,
such as an [3]information requester.
The length of time we keep information is laid out in our retention
schedule, which can be found [4]here.

Yours sincerely,

Ian Goddard 
Information Access Group Manager
Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 414 6823 [5]ico.org.uk [6]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [7]www.ico.org.uk/privacy-notice.

References

Visible links
1. http://www.ombudsman.org.uk/
2. https://ico.org.uk/global/privacy-notice...
3. https://ico.org.uk/global/privacy-notice...
4. https://ico.org.uk/media/about-the-ico/p...
5. https://ico.org.uk/
6. https://twitter.com/iconews
7. https://www.ico.org.uk/privacy-notice

Gadawodd p cialfi anodiad ()

On 24 May 2021, the ICO was required to explain how and why it consistently refused to prosecute under section 77 whenever public authorities refused to disclose information associated with child sex exploitation.
It is suggested that, through the use of what is termed ‘capture’ - the burying of an issue in bureaucratic process to avoid progress, the ICO is in effect acting as a gatekeeper in such a way as to protect those who fail to disclose information about child sex exploitation and consequently depriving the victims and survivors of closure.
It shall be recorded here that the ICO has refused to provide the information required.