DPIA
Dear Information Commissioner's Office,
Please could you provide all Data Protection Impact Assessments the ICO has completed since 2018.
Please note I do not require any personal data.
Yours faithfully,
Gemma Atkins
Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.
If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:
[1]https://ico.org.uk/about-the-ico/our-inf...
If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.
If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.
If you have requested advice - we aim to respond within 14 days.
If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.
Copied correspondence - we do not respond to correspondence that has been
copied to us.
For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.
For information about what we do with personal data see our [2]privacy
notice.
If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.
Yours sincerely
The Information Commissioner’s Office
Our newsletter
Details of how to sign up for our monthly e-newsletter can be found
[3]here.
Find us on Twitter [4]here.
References
Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews
19 May 2021
Our reference: IC-106748-W4W5
Dear Gemma Atkins,
Thank you for your recent request for information. We received your
request on 16 May 2021. Your request will be allocated to an Information
Access Officer who will contact you under the reference number above in
due course.
Under statutory timeframes our response to your request is due by 14 June
2021. However, due to the pandemic it may not be possible to respond to
your request by this date. The ICO has arrangements in place in accordance
with UK Government guidelines to stop the spread of COVID-19, and we
continue to experience high demand for our services despite our reduced
capacity.
If you have any queries about this information request you may email us,
quoting our reference number in the subject line. Please note that
Information Access Officers are only able to address information requests
to ICO; they are unable to assist with complaints to ICO, or to provide
general advice about the legislation we oversee.
Our privacy notice explains what we do with the personal data you provide
to us when you make an information request:
https://ico.org.uk/global/privacy-notice...
Thank you for your interest in the work of the Information Commissioner's
Office.
Yours sincerely,
Eluned Cook
Information Access Support Officer
Information Commissioner’s Office
0330 414 6810
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email
Please be aware we are often asked for copies of the correspondence we
exchange with third parties. We are subject to all of the laws we deal
with, including the data protection laws and the Freedom of Information
Act 2000. You can read about these on our website ([3]www.ico.org.uk).
Please say whether you consider any of the information you send us is
confidential. You should also say why. We will withhold information where
there is a good reason to do so.
For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/
4. https://www.ico.org.uk/privacy-notice
24 May 2021
Our reference: IC-106748-W4W5
Dear Gemma Atkins,
Before we can progress your request, I would like to ask you for some
clarification about the information you are trying to access.
You have asked for "all Data Protection Impact Assessments the ICO has
completed since 2018". I would appreciate your advice as to whether you
are seeking information about DPIAs where the ICO has been consulted in
our regulatory capacity, or any DPIAs the ICO has completed
internally regarding our own processing as a controller.
If you would like us to progress your request please respond providing the
above clarification as soon as possible.
Yours sincerely,
Shannon Keith
Senior Information Access Officer
Information Commissioner’s Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
Dear Shanon,
I'm looking for all DPIAs the ICO has completed internally regarding your own processing as a controller.
I hope this helps.
Yours sincerely,
Gemma Atkins
To read this email in English click [1]here
I darllen yr ebost yn y Gymraeg, cliciwch [2]yma
Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time. You can also call us on 0303 123 1113 or
contact us via live chat.
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it. But
we will do our best to provide you with the information you need.
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course.
If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.
Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.
Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.
If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.
If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.
If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.
If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
If you have only copied your correspondence to us - we will not respond.
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
For information about what we do with personal data please see our
[17]privacy notice.
Yours sincerely
The Information Commissioner’s Office
Our newsletter
You can [18]sign up to our monthly e-newsletter
Pwnc: Mae’ch neges ebost wedi dod i law
Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.
Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb. Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi
Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.
Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.
Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.
Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.
Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.
Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.
Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus.
Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.
Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.
I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd.
Yn gywir
Swyddfa’r Comisiynydd Gwybodaeth
Ein cylchlythyr
Gallwch [34]gofrestru i gael ein e-gylchlythyr misol
References
Visible links
1. file:///tmp/foiextract20210528-18621-s0yazm#English
2. file:///tmp/foiextract20210528-18621-s0yazm#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...
Dear Information Commissioner's Office,
Please could you confirm when I should expect a reply to my FOIA request?
Yours faithfully,
Gemma Atkins
26 July 2021
Case Reference: IC-106748-W4W5
Dear G Atkins,
I hope you are well.
I have recently received your information request and I note that it is
overdue. I am sorry that our response to your request is overdue. I can
confirm that I am currently working on your request and I will respond as
soon as possible.
Yours sincerely,
Craig Ineson
Senior Information Access Officer
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice.
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
Dear Information Commissioner's Office,
Please pass this on to the person who conducts Freedom of Information reviews.
I am writing to request an internal review of Information Commissioner's Office's handling of my FOI request 'DPIA'.
FOI request not received.
A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/d...
Yours faithfully,
Gemma Atkins
Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.
If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:
[1]https://ico.org.uk/about-the-ico/our-inf...
If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.
If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.
If you have requested advice - we aim to respond within 14 days.
If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.
Copied correspondence - we do not respond to correspondence that has been
copied to us.
For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.
For information about what we do with personal data see our [2]privacy
notice.
If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.
Yours sincerely
The Information Commissioner’s Office
Our newsletter
Details of how to sign up for our monthly e-newsletter can be found
[3]here.
Find us on Twitter [4]here.
References
Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews
4 August 2021
Case Reference: IC-106748-W4W5
Dear Gemma
I write in response to your request for internal review of 28 July 2021.
My name is Jessica Lalor and I am a Team Manager in the Information Access
Team. I have been asked to review the way we handled your request for
information. I can confirm that I have had no prior involvement in the
handling of this request.
Your request for review was on the basis that you have not yet received a
response to your request and we have therefore failed to respond to your
request within the 20 working days allowed by the legislation.
Our response has not been provided within the twenty working days allowed
by the FOIA. Clearly this is in breach of section 10 of the Act and I
therefore uphold your complaint on this basis, and apologise for the
continued delay. Nonetheless, in the circumstances, I am satisfied that
Craig Ineson is actively working on providing you with a response as
quickly as possible after the request was recently allocated to him. I
have asked that Craig provide you a response or further update as to the
progress of this case within two weeks.
It may be helpful to understand that information access officers do not
deal with requests in isolation. Your request is being dealt with in
tandem with the hundreds of other requests we receive each month, which
also demand time and consideration, at a time when we are dealing with a
very high demand for our services. You will appreciate that the COVID-19
pandemic has had a further impact on the capacity of any organisation to
prioritise the handling of information requests, something which, as
regulator, we have recognised.
Nevertheless, I apologise that you have not received the service we would
have liked to have provided you with on this occasion. I confirm your
internal review challenge is upheld and I have asked that Craig provide
you with a response or further update in two weeks time. Should you remain
dissatisfied the steps available to you are outlined below. This concludes
my response to your internal review request.
Complaint procedure
If you are dissatisfied with the outcome of this review you can make a
formal complaint with the ICO in its capacity as the regulator of the
Freedom of Information Act 2000. Please follow the link below to submit
your complaint:
[1]https://ico.org.uk/make-a-complaint/
Your information
Please note that our Privacy notice explains what we do with the personal
data you provide to us and what your rights are.
This includes entries regarding the specific purpose and legal basis for
the ICO processing information that people that have provided us with,
such as an information requester.
The length of time we keep information is laid out in our retention
schedule, which can be found on our website.
Yours sincerely,
Jessica Lalor
Information Access Team Manager
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 414 6497 [2]ico.org.uk [3]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice.
References
Visible links
1. https://ico.org.uk/make-a-complaint/
2. https://ico.org.uk/
3. https://twitter.com/iconews
4. https://www.ico.org.uk/privacy-notice
18 August 2021
Case Reference: IC-106748-W4W5
Dear G Atkins
I hope you are well.
In our 4 August response to your request for an internal review, Jessica
Lalor, Information Access Team Manager, advised that I would write to you
either with a response or a further update within two weeks of her email.
This is the purpose of my email today.
By way of an update, I am not in a position to respond today. So far, I
have conducted reasonable searched for DPIAs conducted by the ICO as a
controller and determined which information is in scope of your request.
Following this, I have started the internal consultation process with the
people and departments that own those DPIAs to seek views on disclosure.
The purpose of an internal consultation is to determine whether we can
disclose information, either fully, partially or indeed not at all if
prejudice is likely to result. I have asked for the owners of the DPIAs to
provide me with their views on disclosure by the end of next week, ie 27
August 2021.
While I cannot guarantee that I will have all views on disclosure by this
date, as some of the internal consultations are much larger than others, I
do hope to be in a much better position to know views on disclosure of the
vast majority of the DPIAs. Accordingly, I will send you a further update
two weeks from today to advise you of further progress I have made
following these internal consultations.
Thank you for your continued patience.
Yours sincerely,
Craig Ineson
Senior Information Access Officer
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice.
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
1 September 2021
Case Reference: IC-106748-W4W5
Dear Gemma,
I am writing to provide an update on your request, which I know you were
expecting on Monday.
I can confirm that we have been working on your request from the date I
received it. I know you will be aware that progress has been slower than I
would have liked. We do not work on cases in isolation and unfortunately
our case load has recently been high due to the number of requests we have
received and members of the team moving to different roles.
Nevertheless, I have been progressing your request. By way of an update on
your specific request, my scoping exercise returned a large amount of
information that potentially within the scope of your request. I have
spent a significant amount of time sending internal consultations in order
to establish views on disclosure from the asset owners across the
business. I can confirm that I have received internal views on disclosure
on about a third of the total DPIAs so far.
My internal consultation has also highlighted some issues, such as staff
having left the organisation, some of the DPIAs will require external
consultation, as well as questions as to whether DPIAs fall in scope of
the request or not. I am working to resolve these now as well as chasing
any internal consultations where I have not received a response or where I
need to contact someone else due to absence or because the person has
left.
I apologise for the amount of time you have waited and I assure you that I
am eager to complete this case and provide you with a response.
Yours sincerely,
Craig Ineson
Senior Information Access Officer
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice.
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
Dear ICO Casework,
Please could you confirm when I will receive my FOIA request?
Yours sincerely,
Gemma Atkins
To read this email in English click [1]here
I darllen yr ebost yn y Gymraeg, cliciwch [2]yma
Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time. You can also call us on 0303 123 1113 or
contact us via live chat.
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it. But
we will do our best to provide you with the information you need.
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course.
If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.
Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.
Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.
If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.
If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.
If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.
If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
If you have only copied your correspondence to us - we will not respond.
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
For information about what we do with personal data please see our
[17]privacy notice.
Yours sincerely
The Information Commissioner’s Office
Our newsletter
You can [18]sign up to our monthly e-newsletter
Pwnc: Mae’ch neges ebost wedi dod i law
Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.
Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb. Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi
Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.
Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.
Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.
Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.
Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.
Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.
Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus.
Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.
Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.
I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd.
Yn gywir
Swyddfa’r Comisiynydd Gwybodaeth
Ein cylchlythyr
Gallwch [34]gofrestru i gael ein e-gylchlythyr misol
References
Visible links
1. file:///tmp/foiextract20211005-2669-607qzp#English
2. file:///tmp/foiextract20211005-2669-607qzp#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...
18 October 2021
Case Reference: IC-106748-W4W5
Dear G Atkins
I hope you are well.
I am unable to provide you with an exact date when you will receive a
response. However, by way of an update, I have continued to work on this
request and I have views on disclosure on two-thirds of the DPIAs
potentially in scope of the request. I will continue to work with document
owners to establish views on disclosure and complete any required external
consultations until I am in a position to provide a disclosure.
I am sorry for the time taken to respond to this request. There is a large
amount of information in scope of the request and a number of stakeholders
involved in preparing our response. I can assure you that I am as keen to
respond to this request as you are to receive it. I will provide you with
an update in four weeks' time.
Yours sincerely,
Craig Ineson
Senior Information Access Officer
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice.

Tim Turner left an annotation ()
If the ICO had any interest in being a serious transparency regulator, their approach to this request would be unthinkable. As it is, they have no authority to criticise any other public authority for FOI failings when it handles requests like this.
Dear Craig Ineson,
Please could you update me on the status of my FOIA request
Yours sincerely,
Gemma Atkins
To read this email in English click [1]here
I darllen yr ebost yn y Gymraeg, cliciwch [2]yma
Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time. You can also call us on 0303 123 1113 or
contact us via live chat.
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it. But
we will do our best to provide you with the information you need.
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course.
If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.
Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.
Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.
If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.
If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.
If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.
If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
If you have only copied your correspondence to us - we will not respond.
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
For information about what we do with personal data please see our
[17]privacy notice.
Yours sincerely
The Information Commissioner’s Office
Our newsletter
You can [18]sign up to our monthly e-newsletter
Pwnc: Mae’ch neges ebost wedi dod i law
Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.
Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb. Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi
Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.
Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.
Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.
Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.
Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.
Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.
Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus.
Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.
Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.
I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd.
Yn gywir
Swyddfa’r Comisiynydd Gwybodaeth
Ein cylchlythyr
Gallwch [34]gofrestru i gael ein e-gylchlythyr misol
References
Visible links
1. file:///tmp/foiextract20211116-12502-p04xqq#English
2. file:///tmp/foiextract20211116-12502-p04xqq#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...
27 November 2021
Case Reference: IC-106748-W4W5
Dear G Atkins
Thank you for your email of 16 November and I apologise for the late
reply.
Since my last email, I have continued to work on preparing this
disclosure. I have both internal and external views on disclosure on
almost every DPIA now, with only 2-3 outstanding. I’ve begun preparing the
DPIA bundle for disclosure.
While I should not need a further four weeks to tie up any loose ends with
outstanding DPIAs, I will endeavour to provide you with an update or a
response within that timeframe.
Yours sincerely,
Craig Ineson
Senior Information Access Officer
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice.

Tim Turner left an annotation ()
The fact that the ICO thinks it is acceptable to suggest that after six months, they still might need four weeks to answer a request is an indictment of the organisation's attitude to FOI. They do not care about FOI. They treat it with contempt.
24 December 2021
Case Reference: IC-106748-W4W5
Dear G Atkins
Please find attached a partial response to your information request.
Yours sincerely,
Craig Ineson
Senior Information Access Officer
Information Commissioner's Office
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email.
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice.
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
30 March 2022
Our Reference: IC-106748-W4W5
Dear Gemma Atkins,
Please find enclosed our response to your information request of 16 May
2021. Please accept our apologies for the delay in responding to your
request in full.
Due to the number of attachments, the disclosures will be sent in a series
of emails. We will indicate when the last email has been sent.
Yours sincerely,
Information Access Team
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [1]ico.org.uk [2]twitter.com/iconews
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
30 March 2022
Our Reference: IC-106748-W4W5
Dear Gemma Atkins,
Please find enclosed the second email of attachments in response to your
information request.
Yours sincerely,
Information Access Team
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [1]ico.org.uk [2]twitter.com/iconews
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
30 March 2022
Our Reference: IC-106748-W4W5
Dear Gemma Atkins,
Please find enclosed the third email of attachments in response to your
information request.
Yours sincerely,
Information Access Team
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [1]ico.org.uk [2]twitter.com/iconews
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
30 March 2022
Our Reference: IC-106748-W4W5
Dear Gemma Atkins,
Please find enclosed the fourth email of attachments in response to your
information request.
Yours sincerely,
Information Access Team
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [1]ico.org.uk [2]twitter.com/iconews
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
30 March 2022
Our Reference: IC-106748-W4W5
Dear Gemma Atkins,
Please find enclosed the fifth and final email of attachments in response
to your information request.
Yours sincerely,
Information Access Team
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [1]ico.org.uk [2]twitter.com/iconews
For information about what we do with personal data see our privacy notice
at [3]www.ico.org.uk/privacy-notice
References
Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/privacy-notice
We work to defend the right to FOI for everyone
Help us protect your right to hold public authorities to account. Donate and support our work.
Donate Now
Jonathan Baines left an annotation ()
It’s notable that this Internal Review response doesn’t deal with what has been happening with the request up until Craig Ineson received it, which is surely slightly more relevant.