Dear Information Commissioner's Office,

In DN FS50790211 dated 4 March 2019 concerning the Department for Exiting the European Union it is stated:

"39. The Commissioner is developing a specific department –Insight and Compliance –to engage with public authorities to improve their compliance."

https://ico.org.uk/media/action-weve-tak...

Please provide:

1. Information contained in documents, reports etc detailing what this new department does and what it has achieved to date.

2. The number of staff (WTE) that it has.

3. Copies of all standard communications sent to public authorities aimed at improving their compliance.

4. The names of all delinquent public authorites contacted by the department and the number of times each was considered to need its compliance improved.

Yours faithfully,

J Roberts

J Roberts left an annotation ()

The DN was appealed and upheld in part:

"33. The tribunal is satisfied that there is a clear and overwhelming public interest in the disclosure of the material which the Legatum Institute sent to the DexEU or material summarising the points put forward by Legatum. The fact that the Legatum Institute marked some material as private and confidential does not seem to the tribunal to significantly advance the consideration of the public interest. This disclosure will not discourage contributions to government. Nor will the disclosure impede the government’s ability to develop policy any more than issues raised in newspaper editorials and articles in economic journals which are the routine background with which government works. "
http://informationrights.decisions.tribu...

Information Commissioner's Office

7 January 2020

 

Case Reference Number IRQ0898897

 

Dear J Roberts

This is an acknowledgement of your request for information which we
received on 19 December 2019.
 
Your request is being dealt with in accordance with the Freedom of
Information Act 2000. Our response to your request is due by 22 January,
which is 20 working days from the date on which we received it.
 
If you wish to contact me, please quote the reference number at the top of
this email. If you reply to this email please leave the subject field
unchanged.
 
More information about the Information Commissioner’s Office and the
legislation we oversee is available on our website at
[1]https://ico.org.uk.
For information about what we do with personal data see our [2]privacy
[3]notice. Our retention policy can be found [4]here.

Yours sincerely
 
Aiden Clarkson
Senior Information Access Officer
Information Commissioner’s Office
0330 414 6827

 
 

References

Visible links
1. https://ico.org.uk/
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/global/privacy-notice/
4. https://ico.org.uk/media/about-the-ico/p...

Information Commissioner's Office

24 January 2020

 

Case Reference Number IRQ0898897

 

Dear J Roberts

I write in relation to your information request of 19 December. I am
working on a response to your request, and will provide it to you as soon
as I can. I apologise for the delay.
 
If you wish to contact me, please quote the reference number at the top of
this email. If you reply to this email please leave the subject field
unchanged.
 
More information about the Information Commissioner’s Office and the
legislation we oversee is available on our website at
[1]https://ico.org.uk.
For information about what we do with personal data see our [2]privacy
[3]notice. Our retention policy can be found [4]here.

Yours sincerely
 
Aiden Clarkson
Senior Information Access Officer
Information Commissioner’s Office
0330 414 6827

 

 

References

Visible links
1. https://ico.org.uk/
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/global/privacy-notice/
4. https://ico.org.uk/media/about-the-ico/p...

Information Commissioner's Office

21 February 2020

 

Case Reference Number IRQ0898897

 

Dear J Roberts

Further to my email of 24 January 2020 I am writing to update you
regarding your information request which we received on 19 December 2019.
                        
Since receiving your request we have been working to collate the
information sought and to provide you with a response within the required
timeframe. Unfortunately it has not been possible to achieve this on this
occasion. Please accept our sincere apologies.
                              
We are currently experiencing an unprecedented demand on our services.
Although we were able to respond to 92% of the information requests that
we received in the third quarter of the 2019/20 financial year, this means
that we did not respond on time in 8% of cases. Unfortunately on this
occasion your request is one such case.
 
We are continuing to work on your request and hope to provide you with a
response as soon as possible. If we have not completed your request by 6
March I will write to you again with a further update at that time.
 
Should you wish to contact me about your request please feel free to
respond to this email, quoting the case number in the subject line above.
 
Please note that if you wish to complain to this office in its capacity as
regulator for the Freedom of Information Act regarding our timeliness, you
can so by emailing [1][email address], contacting us [2]via the post,
or [3]through our website without seeking an internal review.
 
More information about the Information Commissioner’s Office and the
legislation we oversee is available on our website at
[4]https://ico.org.uk.
For information about what we do with personal data see our [5]privacy
notice. Our retention policy can be found [6]here.

Yours sincerely
 
Aiden Clarkson
Senior Information Access Officer
Information Commissioner’s Office
0330 414 6827
 
 

References

Visible links
1. mailto:[email address]
2. https://ico.org.uk/about-the-ico/who-we-...
3. https://ico.org.uk/make-a-complaint/offi...
4. https://ico.org.uk/
5. https://ico.org.uk/global/privacy-notice/
6. https://ico.org.uk/media/about-the-ico/p...

Dear Information Commissioner's Office,

Thanks for letting me know that you are working on my request. A short delay does not bother me in the slightest.

Yours faithfully,

J Roberts

Information Commissioner's Office

9 March 2020

 

Case Reference Number IRQ0898897

 

Dear J Roberts

This is a brief email to let you know that I am still working on my
response to your information request. I hope to respond soon, but will
update you again in two weeks if I have not been able to issue our
response by then. Thank you for your continuing patience in relation to
his request.
 
If you wish to contact me, please quote the reference number at the top of
this email. If you reply to this email please leave the subject field
unchanged.
 
More information about the Information Commissioner’s Office and the
legislation we oversee is available on our website at [1]www.ico.org.uk.
For information about what we do with personal data see our [2]privacy
notice. Our retention policy can be found [3]here.
 
 
Yours sincerely
 
Aiden Clarkson
Senior Information Access Officer
Information Commissioner’s Office
0330 414 6827
 

References

Visible links
1. http://www.ico.org.uk/
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/media/about-the-ico/p...

Information Commissioner's Office

30 March 2020

 

Case Reference Number IRQ0898897

 

Dear J Roberts

 
I write in relation to your information request to the ICO. Unfortunately
it has not yet been possible to respond to your information request. I am
working on your request and will respond as soon as I am able. Thank you
for your patience and understanding in this matter.
 
I’m sure you can appreciate that the current pandemic has caused and will
cause disruption to our processes. Unfortunately in this instance this has
further delayed my response to your request. This is due to factors
including staff absence, the requirement for many staff members to balance
home-working and childcare, and other arrangements that we have made to
protect our workforce from the potential spread of Coronavirus (COVID
-19).
 
Measures of this kind have been put in place across similar organisations
during the pandemic. As the regulator for the Freedom of Information Act
and the right of subject access in data protection legislation, we have
confirmed that we will not be penalising public authorities for
prioritising other areas or adapting their usual approach during this
extraordinary period.
 
We have also confirmed that in relation to any complaints received during
this period we will take into account the compelling public interest in
the current health emergency.
 
You can see more about our statements relating to timeliness on the ICO
website regarding both [1]FOI and [2]data protection requests. And you can
see more about the UK government response to the outbreak on the
[3]dedicated page on the government website.
 
Next steps
 
If you wish to raise a complaint about the time we have taken to respond
to your information request, this can be sent to this office as the
statutory complaint handler. Please refer to our website at:
 
[4]https://ico.org.uk/make-a-complaint/
 
If you wish to contact me, please quote the reference number at the top of
this email. If you reply to this email please leave the subject field
unchanged. You can also call me on 0330 414 6827.
 
More information about the Information Commissioner’s Office and the
legislation we oversee is available on our website at [5]www.ico.org.uk.
For information about what we do with personal data see our [6]privacy
notice. Our retention policy can be found [7]here.
 
 
Yours sincerely
 
Aiden Clarkson
Senior Information Access Officer
Information Commissioner’s Office
0330 414 6827
 
 
 
 

References

Visible links
1. https://ico.org.uk/about-the-ico/news-an...
2. https://ico.org.uk/for-organisations/dat...
3. https://www.gov.uk/government/topical-ev...
4. https://ico.org.uk/make-a-complaint/
5. http://www.ico.org.uk/
6. https://ico.org.uk/global/privacy-notice/
7. https://ico.org.uk/media/about-the-ico/p...

Dear Information Commissioner's Office,

Thank you for keeping me informed.

I fully agree with you that delay in these exceptional circumstances is perfectly reasonable.

Yours faithfully,

J Roberts

Information Commissioner's Office

This message has been hidden. An incorrectly redacted response was supplied. The continued publication of such material may reasonably affect authority's proactive engagement with the ICO, which may in turn adversely affect both members of the site and the public. Please contact us if you have any questions. If you are the requester, then you may sign in to view the message.

Information Commissioner's Office

This message has been hidden. An incorrectly redacted response was supplied. The continued publication of such material may reasonably affect authority's proactive engagement with the ICO, which may in turn adversely affect both members of the site and the public. Please contact us if you have any questions. If you are the requester, then you may sign in to view the message.

Dear Information Commissioner's Office,

Thanks for the information. Just one thing, a typo in your Insight and Compliance Approach document(7):

"Objective 2:  To be effective, proportionate, dissuasive and consistent in our application of sanctions, targeting our most significant powers; (i) for organisations and individuals suspected of repeated or wilful misconduct or serious failures to take proper steps to PRODUCT personal data, and (ii) where formal regulatory action serves as an important deterrent to those who risk non-compliance with the law."

I think it should be PROTECT.

Yours faithfully,

J Roberts

Dear Information Commissioner's Office,

The typo also appears in your Insight and Compliance Aims document.

Yours faithfully,

J Roberts

Information Access Inbox, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

Information Commissioner's Office

10 Attachments

25 June 2020

 

Case Reference Number IRQ0898897

 

Dear J Roberts

 
I am writing in further response to your request for information, which we
received on 19 December 2019, and to which we issued a response on 27 May.
It has become clear that, through error, our initial response disclosed
information which should have been withheld, primarily the names of some
public authorities. Therefore we have taken the step of reissuing the
original response and the disclosure with the corrected and fully redacted
documents. We would ask that you do not disseminate the previously
disclosed documents further and delete any copies of this information you
may have.
 
The substantial difference between the original response and this updated
response is in the section covering information exempt under Section 31 of
the act – please see below.
 
This request
 
You asked us for the following information regarding our Insight and
Compliance department:
 
1. Information contained in documents, reports etc detailing what this new
department does and what it has achieved to date.
2. The number of staff (WTE) that it has.
3. Copies of all standard communications sent to public authorities aimed
at improving their compliance.
4. The names of all delinquent public authorities contacted by the
department and the number of times each was considered to need its
compliance improved.
 
We’ve handled that request under the Freedom of Information Act (FOIA)
2000.
 
Our response 
 
I can confirm that we hold information which falls under the scope of your
request.
 
In response to part 2 of your request, I can tell you that as of the date
of your request that Insight and Compliance has 4 staff. One staff member
was 0.8 full time equivalent (FTE) from Feb 19-Dec 19, and is now 0.9 FTE.
The other 3 are full time.

I have attached the documents we hold which cover the scope of parts 1 and
3 of your request, including copies of the standard communications sent to
organisations, and various documents setting out the aims of the
department, and copies of documents which precis the activities of the
team. I have also provided copies of worksheets from a tracker document
used temporarily.
 
As you will see, I have withheld some information from these documents.
Where the information constitutes the personal data of other individuals,
I have withheld it under section 40(2) of the FOIA, which states that a
public authority can withhold information where it constitutes the
personal data of someone other than the requestor and its disclosure would
contravene the principles of data protection.
 
I have withheld information which falls under the scope of part 4 of your
request, and which would allow you to identify the organisations which the
Insight and Compliance team have interacted with; I’ve withheld this
information under section 31 of the act.
 
Information withheld – section 31(1)(g)
 
The exemption at section 31(1)(g) of the FOIA refers to circumstances
where the disclosure of information “would, or would be likely to,
prejudice…the exercise by any public authority of its functions for any of
the purposes specified in subsection (2).”
 
In this case the relevant purposes contained in subsection 31(2) are
31(2)(a) and 31(2)(c) which state: 
 

 1. the purpose of ascertaining whether any person has failed to comply
with the law, and

 3. the purpose of ascertaining whether circumstances which would justify
regulatory action in pursuance of any enactment exist or may arise.

The exemption at section 31 is not absolute, and we must therefore
consider the prejudice or harm which may be caused by disclosure of the
information you have requested, as well as applying a public interest test
by weighing up the factors in favour of disclosure against those in favour
of maintaining the exemption.
 
Although an inappropriate disclosure has led to the release of information
into the public domain in error, it is our position that that information
was and remains exempt from disclosure under the act, and as such we have
corrected our original response provide to you. It is not my position that
any dissemination of the incorrectly disclosed information undoes or
undermines the arguments I have put forward regarding prejudice to the
work of the ICO through disclosure. I feel that the continued availability
of the information through the What Do They Know platform will lead to
prejudice to our work, as detailed in the exemption applied.
 
We take the view that allowing ongoing public access to the information
you have asked for could prejudice the ICO’s ability to constructively
engage with external parties during our regulatory process. Disclosure and
wide public access to the names of the organisations we have had contact
with risks prejudicing our ongoing relationship with those organisations.
Disclosure could jeopardise the ICO’s ability to obtain information from
organisations, especially in situations where we are proactively working
with the organisation to improve their performance and compliance. Indeed,
the step we are taking to remove the accidental disclosure and reissue the
correctly redacted response reflects the high risk of prejudice to our
relationships with the organisations involved.
 
The exemption at section 31(1)(g) is not absolute. When considering
whether to apply it in response to a request for information, there is a
‘public interest test’. That is, we must consider whether the public
interest favours withholding or disclosing the information.
 
In this case the public interest factors in favour of disclosing the
information are as follows: 
 
 

* Increased transparency in the way in which we carry out our work as a
regulator;
* The understandable interest of members of the public regarding
organisations’ general compliance with the legislation we oversee.

The public interest factors in maintaining the exemption are as follows:
 
 

* We consider that disclosure and further public access to the names of
the organisations would likely compromise our ability to conduct
future work with them and therefore affect the discharge of our
regulatory function in vital areas, including our ability to influence
the behaviour of data controllers and to take formal action;  
* There is a public interest in us being able to maintain effective and
productive relationships with the parties we communicate with. It is
essential that organisations continue to engage with us in a
constructive and collaborative way without fear that the fact of the
communication will be made public if it is inappropriate to do so;
* There is a public interest in the ICO maintaining its ability to
conduct its regulatory activities as it sees fit, without disclosing
information to the public which might affect those activities; and
* The ICO has a demonstrable history of sharing information when it is
appropriate to do so, in line with our communicating regulatory and
enforcement activity [1]policy.

Having considered the arguments both for and against disclosure we do not
find that there is sufficient weight in the arguments that favour
disclosure.
 
Disclosure of the requested information would be likely to be prejudicial
to our regulatory function as it would impact upon our ability to
effectively carry out investigations of this nature both now and in the
future.
 
Advice and assistance
 
The Insight and Compliance approach and priorities document  is now out of
date as Insight and Compliance will from now on be concentrating on
producing thematic reports, our FOI self-assessment toolkit, and sharing
good practice. This change has only taken place this month, the document
was current at the time of your request.
 
Insight and Compliance has moved away from updating the activity tracker
included in this response, therefore requests for a more up-to-date
version are not likely to return any disclosable information.
 
I hope this response is clear. If you would like me to clarify anything
about the way your request has been handled please contact me.
 
You can ask us to review the way we have handled your request. Please see
our review procedure [2]here.
 
If you remain dissatisfied with the way we have handled your request
following an internal review you can [3]report your concern to the
regulator.
 
If you wish to contact me, please quote the reference number at the top of
this email. If you reply to this email please leave the subject field
unchanged.
 
More information about the Information Commissioner’s Office and the
legislation we oversee is available on our website at [4]www.ico.org.uk.
For information about what we do with personal data see our [5]privacy
notice. Our retention policy can be found [6]here.
 
Yours sincerely
 
Ian Goddard
Information Access Service Manager, Risk and Governance Department
Corporate Strategy and Planning Service
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 4146823  F. 01625 524510  [7]ico.org.uk  [8]twitter.com/iconews
For information about what we do with personal data see our [9]privacy
notice
Please consider the environment before printing this email

References

Visible links
1. https://ico.org.uk/media/about-the-ico/p...
2. https://ico.org.uk/media/1883/ico-review...
3. https://ico.org.uk/make-a-complaint/
4. http://www.ico.org.uk/
5. https://ico.org.uk/global/privacy-notice/
6. https://ico.org.uk/media/about-the-ico/p...
7. http://ico.org.uk/
8. https://twitter.com/iconews
9. https://ico.org.uk/global/privacy-notice/