Is a personal identifiable phone number ‘linked information’ for the purposes of fulfilling a SAR?

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

. 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days.

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

31 January 2018

Case Reference Number IRQ0718785

Dear [Name Removed]

 
Request for Information
 
Further to your information request to the Information Commissioner’s
Office (ICO) of 5 January 2018, we can now respond.
 
We have dealt with your request in accordance with your ‘right to know’
under section 1(1) of the Freedom of Information Act 2000 (FOIA), which
entitles you to be provided with any information ‘held’ by a public
authority, unless an appropriate exemption applies.
 
Your request
 
In the subject line of your email you asked “Is a personal identifiable
phone number ‘linked information’ for the purposes of fulfilling a SAR?”.
 
Your following information request asked:
 
“Is a telephone number ‘linked information’ when an organisation is asked
to fulfill a SAR, in that an organisation which phones a member the of the
public has the phone number (as the SAR requesters own) held as data, in
order to phone the SAR-requesting member of the public?
 
I am informed that a personal phone number is not linked information, by
an organisation.
 
This request specifies a personal phone number and but I would be grateful
if you could also provide any data, including any internal ICO guidance,
that the ICO has on file about information ‘linked’ to a member of the
public/ SAR requester, when a SAR is being fulfilled, under the Data
Protection Act. My aim is to clarify what is linked information ....and
what is not linked information, in order to clarify the issue”.
 
Our response
 
The first part of your email appears to be a query as to whether a
telephone number is ‘linked information’, and therefore personal data
subject to the Data Protection Act 1998 (DPA), including the right of
subject access.
 
Having searched our records we do not hold any guidance or advice, either
published on our website or within our non-published records, which
specifically answers the question of whether a telephone number is
personal data or not.  
 
Also, in response to your final point “My aim is to clarify what is linked
information ....and what is not linked information, in order to clarify
the issue”, we do not hold any information that specifically defines what
is, or what isn’t, ‘linked information’. 
 
Broadly speaking, whether a telephone number is personal data or not will
depend on the context in which the telephone number is held, and whether
it can be linked to a living individual who can be identified by that or
other information in the possession of the data controller.
 
If there is any question as to whether certain information comes within
the definition of personal data, we would always advise a data controller
or individual to consider our general guidance on ‘Determining what is
personal data’, which is addressed in more detail below.
 
Turning to your specific request for “… any data, including any internal
ICO guidance, that the ICO has on file about information ‘linked’ to a
member of the public/ SAR requester, when a SAR is being fulfilled, under
the Data Protection Act.”, we can confirm that we do hold information
within the scope of your information request. 
 
This is held within our published guidance about personal data, some of
which does make specific reference to ‘linked information’.  This
information is already available to you via our website, and again is
addressed in more detail below. 
 
Determining what is personal data
 
[1]https://ico.org.uk/media/for-organisatio...
 
This guidance includes a number of references to ‘linked information’,
although as we have explained it does not answer the specific question as
to whether a telephone number is personal data, or specifically what is
‘linked information’.  Some of the following extracts may be of particular
interest to you:
 
Section 1 – Identifiability (page 7)
 
This section asks the question “Can a living individual be identified from
the data, or, from the data and other information in the possession of, or
likely to come into the possession of, the data controller?”.  
 
At page 9 it advises “The starting point might be to look at what means
are available to identify an individual and the extent to which such means
are readily available. For example, if searching a public register or
reverse directory would enable the individual to be identified from an
address or telephone number, and this resource is likely to be used for
this purpose, the address or telephone number data should be considered to
be capable of identifying an individual.”.
 
Section 4 – ‘Data linked to an individual’ (page 11)
 
This section asks “Is the data ‘linked to’ an individual so that it
provides particular information about that individual?”, and if the answer
is ‘yes’, the data is ‘personal data’ for the purposes of the DPA.
 
This section confirms “There will also be many cases where data is not in
itself personal data but, in certain circumstances, it will become
personal data where it can be linked to an individual to provide
particular information about that individual.”
 
Section 5 – ‘The purpose of the processing’ (page 12)
 
This section asks “Is the data used, or is it to be used, to inform or
influence actions or decisions affecting an identifiable individual?”, and
again, if the answer is yes, the data is personal data.
 
It also advises “There are many other examples of data which 'relate to' a
particular individual because it is linked to that individual and informs
or influences actions or decisions which affect an individual.”
 
Section 6 – ‘Biographical significance’ (page 16)
 
This section advises “It is important to remember that it is not always
necessary to consider ‘biographical significance’ to determine whether
data is personal data. In many cases data may be personal data simply
because its content is such that it is ‘obviously about’ an individual.
Alternatively, data may be personal data because it is clearly ‘linked to’
an individual because it is about his activities and is processed with the
purpose of determining or influencing the way in which that person is
treated. You need to consider ‘biographical significance’ only where
information is not ‘obviously about’ an individual or clearly ‘linked to’
him.”
 
Section 7 – ‘Does the information concentrate on the individual?’ (page
18)
 
This advises “Again, it is important to remember that it is not always
necessary to consider ‘focus’ to determine whether data is personal data.
In many cases data may be personal data because it is ‘obviously about’ an
individual, or because it is clearly ‘linked to’ an individual because it
is about the individual’s activities.
 
“You need to consider the ‘focus’ of the data only where information is
not ‘obviously about’ an individual or clearly ‘linked to’ them.”
 
Appendix C – ‘Information anonymised for the purposes of the Directive’
(page 27)
 
This includes the advice “Data may be held as personal data by one
organisation, because they can link the data to living identifiable
individuals. The same data may be held by another organisation that is
unable to link the data concerned to individuals. The question arises,
therefore, whether the latter organisation holds personal data because the
data, in the hands of another organisation, are linked to identifiable
individuals.”
 
Appendix D – ‘Disclosing information which could be linked to identifiable
individuals’ (page 29)
 
This includes the advice “The Directive provides that “personal data shall
mean any information relating to an identified or identifiable natural
person …; an identifiable person is one who can be identified, directly or
indirectly…”.
 
“This definition would suggest that an organisation would be disclosing
personal data where it releases information which can be linked to
particular individuals. Taking into account the purpose of the Directive
this seems a sensible view. It is a view which the Information Tribunal
took when deciding whether a local authority should release the addresses
of empty properties. The Tribunal held that releasing such addresses would
involve releasing personal data where the properties were owned by
individuals.”
 
What is personal data? – A quick reference guide
 
[2]https://ico.org.uk/media/for-organisatio...
 
As the title suggests, this guidance is meant to be a quick reference
guide which summarises some of the issues discussed in more detail in our
‘Determining what is personal data’ guidance. 
 
You may find it helpful to look at the section on ‘identifiability’ (see
Q1 on page 3) and ‘relates to’ (see Q2 on page 3).
 
Subject access code of practice
 
[3]https://ico.org.uk/media/for-organisatio...
 
This code of practice does not make any reference to ‘linked information’
or more specifically telephone numbers, but we would refer you to Chapter
5 of the code, which is titled ‘Responding to a subject access request –
general considerations’, and advises:
 
“The Data Protection Act 1998 (DPA) provides that, for information to be
personal data, it must relate to a living individual and allow that
individual to be identified from that information (either on its own or in
conjunction with other information likely to come into the organisation’s
possession). The context in which information is held, and the way it is
used, can have a bearing on whether it relates to an individual and
therefore on whether it is the individual’s personal data.
 
In most cases, it will be obvious whether the information being requested
is personal data, but we have produced separate guidance (Determining what
is personal data) to help you decide in cases where it is unclear.”
 
Review Procedure
 
We hope this response is helpful, but if you are dissatisfied with this
response and wish to request a review of our decision or make a complaint
about how your request has been handled you should reply directly to this
email (leaving the reference number in square brackets intact), write to
the Information Access Team at the address below or email
[4][email address].
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation.  To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under either the Freedom of Information Act
or Environmental Information Regulations.
 
A copy of our review procedure can be accessed from our website [5]here.
 
Yours sincerely
 
 
 

Antonia Swann
Lead Information Access Officer
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545894  F. 01625 524510  [6]ico.org.uk  [7]twitter.com/iconews
Please consider the environment before printing this email

References

Visible links
1. https://ico.org.uk/media/for-organisatio...
2. https://ico.org.uk/media/for-organisatio...
3. https://ico.org.uk/media/for-organisatio...
4. mailto:[email address]
5. https://ico.org.uk/media/about-the-ico/p...
6. http://ico.org.uk/
7. https://twitter.com/iconews

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

. 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days.

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

1 February 2018

Case Reference Number IRQ0718785

Dear [Name Removed]

 
Thank you for your email of 31 January 2018, in response to ours of the
same day.  We have noted the additional comments you have made about the
context in which telephone numbers are usually held, and the likelihood of
them falling within the definition of personal data.
 
Further to our response yesterday, we do hold an internal email from one
of our Senior Policy Officers to a Case Officer in our Enforcement
Department, sent in November 2017, where informal advice was provided
regarding the issue of telephone numbers.
 
Whilst the response still does not provide a conclusive answer to the
question of whether a telephone number is personal data or not, and it
largely re-iterates the guidance set out in our publication ‘Determining
what is personal data’, we hope you find the relevant extract from this
email, copied below, helpful:
 
“Personal data is data which relates to an individual who can be
identified:
 
 

* from that data, or

* from that data and other data in the possession of (or likely to come
in the possession of) the data controller.

 
So a telephone number might be (or might not be) personal data depending
on what other data the data controller possesses (or is likely to come
into possession of).
 
If the data controller has a list of telephone numbers but no other
information about who those numbers relate to (and they don’t have access
to any resources that would likely be used to link the numbers to
individuals) then the telephone numbers are unlikely to be classed as
personal data.
 
However, if the data controller has a list of telephone numbers linked
with other information (such as names, addresses etc…) then the telephone
number are likely to be classed as personal data.
 
In the context of a breach where telephone numbers alone are released, the
following paragraphs from our guidance on [1]determining what is personal
data may help:
 
“Sometimes it is not immediately obvious whether an individual can be
identified or not, for example, when someone holds information where the
names and other identifiers have been removed. In these cases, Recital 26
of the [Data Protection] Directive [1995] states that, whether or not the
individual is nevertheless identifiable will depend on “all the means
likely reasonably to be used either by the controller or by any other
person to identify the said person”.
 
Therefore, the fact that there is a very slight hypothetical possibility
that someone might be able to reconstruct the data in such a way that the
data subject is identified is not sufficient to make the individual
identifiable for the purposes of the Directive. The person processing the
data must consider all the factors at stake.
 
The starting point might be to look at what means are available to
identify an individual and the extent to which such means are readily
available. For example, if searching a public register or reverse
directory would enable the individual to be identified from an address or
telephone number, and this resource is likely to be used for this purpose,
the address or telephone number data should be considered to be capable of
identifying an individual.
 
When considering identifiability it should be assumed that you are not
looking just at the means reasonably likely to be used by the ordinary man
in the street, but also the means that are likely to be used by a
determined person with a particular reason to want to identify
individuals. Examples would include investigative journalists, estranged
partners, stalkers, or industrial spies.
 
Means of identifying individuals that are feasible and cost-effective, and
are therefore likely to be used, will change over time. If you decide that
the data you hold does not allow the identification of individuals, you
should review that decision regularly in light of new technology or
security developments or changes to the public availability of certain
records.”
 
 
Yours sincerely
 
 
 

Antonia Swann
Lead Information Access Officer
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545894  F. 01625 524510  [2]ico.org.uk  [3]twitter.com/iconews
Please consider the environment before printing this email

References

Visible links
1. https://ico.org.uk/media/for-organisatio...
2. http://ico.org.uk/
3. https://twitter.com/iconews

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

. 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days.

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

12th February 2018

Case Reference Number RCC0724894

Dear [Name Removed]

Thank you for your email of 2 February 2018, asking for a review of our
response to your information request to the Information Commissioner’s
Office (ICO) titled “Is a personal identifiable phone number ‘linked
information’ for the purposes of fulfilling a SAR?”
 
 
Your request of 5 January 2018 read:
 
“Subject: “Is a personal identifiable phone number ‘linked information’
for the purposes of fulfilling a SAR
 
Is a telephone number ‘linked information’ when an organisation is asked
to fulfill a SAR, in that an organisation which phones a member the of the
public has the phone number (as the SAR requesters own) held as data, in
order to phone the SAR-requesting member of the public?
 
I am informed that a personal phone number is not linked information, by
an organisation.
 
This request specifies a personal phone number and but I would be grateful
if you could also provide any data, including any internal ICO guidance,
that the ICO has on file about information ‘linked’ to a member of the
public/ SAR requester, when a SAR is being fulfilled, under the Data
Protection Act. My aim is to clarify what is linked information ....and
what is not linked information, in order to clarify the issue”.
 
Following the receipt of our response you made a request for review as
follows:
 
“I am asking for a review in the grounds that I am still being informed
that a telephone number given to a Bank - and used to contact me, is NOT
my personal information….I would therefore ask to you search again for
reasoning on record that clarifies linked data under a similar
situation/s.”.

Our response
 
I’ve reviewed our response to your request and the searches we have done,
I consider that the searches are reasonable and appropriate. Therefore, I
do not uphold your complaint. I will explain my decision below.
 
Mrs Swann responded to your request on 31 January 2018 and informed you
that we do not hold guidance or advice, either published on our website or
within our non-published records, which specifically answers the question
of whether a telephone number is personal data or not.  I have reviewed
the searches done and confirm that they were appropriate. There is no
guidance held that specifically answer your question.

In relation to the following part of your request “… any data, including
any internal ICO guidance, that the ICO has on file about information
‘linked’ to a member of the public/ SAR requester, when a SAR is being
fulfilled, under the Data Protection Act.”, Mrs Swann provided you with
links to our published guidance about what constitutes personal data, some
of which does make specific reference to ‘linked information’. 
 
I have reviewed the scope of this part of your request and confirm that we
do not hold internal guidance about what constitutes ‘linked’ information
for the purpose of responding to a SAR. We’ve read your request
objectively and in conjunction with the explanation you have provided and
consider that you are seeking guidance issued to staff regarding the issue
of linked information. I confirm that the links provided are all the
guidance held concerning linked information. They are all published on our
website. For clarity, we do hold advice that has been given internally but
on individual cases based on the specific facts of the case. We don’t
think this case specific advice amounts to internal guidance.
 
Mrs Swann also provided to you, as advice and assistance, advice given by
our policy department to a case officer concerning a specific case, where
the details bear some resemblance to the scenario you describe. This is
the only such advice held.
 
Finally, you have explained “I am asking for a review in the grounds that
I am still being informed that a telephone number given to a Bank - and
used to contact me, is NOT my personal information….”
 
This, along with your previous emails relating to this information
request, suggests that you are dissatisfied with the way in which a data
controller has dealt with your subject access request to them, and that
personal data to which you are entitled has not been provided.
 
As the guidance we have referred to in our previous responses suggests,
this can only be decided on a case-by-case basis, and is dependent on what
other information may be in the possession of the data controller to
enable them to identify the data subject.  Whilst it seems reasonable to
suggest that in most instances a telephone number will be the personal
data of the relevant account holder, this will not always be the case.
 
In view of your specific concerns about the data controller concerned, you
may find it helpful to raise these with the ICO as the regulator of the
Data Protection Act 1998 (the DPA), via our website here:
 
[1]https://ico.org.uk/concerns/
 
This will enable us to consider the information which is held by the data
controller, and make an assessment as to whether the data controller has
complained with the requirements of the DPA or not.
 
We hope you find our response of assistance.
 
Yours sincerely
 
Iman Elmehdawy
Information Access Service Manager
 
 
Complaint procedure
 
If you remain dissatisfied with the outcome of this review you can make a
formal complaint with the ICO in its capacity as the regulator of the
Freedom of Information Act. Please follow the link below to submit your
complaint
[2]https://ico.org.uk/concerns/
 
 

References

Visible links
1. https://ico.org.uk/concerns/
2. https://ico.org.uk/concerns/

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

. 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days.

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

8 March 2018

Case Reference Number IRQ0726163

Dear [Name Removed]

Request for Information
 
Further to your information request to the Information Commissioner’s
Office (ICO) of 12 February 2018, we can now respond.
 
We have dealt with your request in accordance with your ‘right to know’
under section 1(1) of the Freedom of Information Act 2000 (FOIA), which
entitles you to be provided with any information ‘held’ by a public
authority, unless an appropriate exemption applies.
 
Your request
 
In your email you asked “I would therefore be interested to know if there
any cases have been decided in court - on the subject the use of personal
telephone numbers (linked).” and “Please therefore confirm that no decided
court cases -either upheld - or not, involving the linking/ non-linking of
personal telephone numbers, are held on ICO record.”.
 
Our response
 
We have carried out further searches of the information held by the ICO,
and the only court case we are aware of that has considered the issue of
whether personal telephone numbers are personal data or not is the case
referred to in the footnote on page 7 of the ICO guidance ‘Determining
what is personal data’.  The footnote states:
 
“…The term ‘personal data’ undoubtedly covers the name of a person in
conjunction with his telephone number or information about his working
conditions or hobbies – Paragraph 24 of the Opinion of Advocate General
Tizzano in the Lindqvist case (Bodil Lindqvist v Aklagarkammaren i
Jonkoping – Case Commissioner-101/01 – European Court of Justice) dlivered
on 19 September 2002…”  
 
The guidance itself can be accessed here:
 
[1]https://ico.org.uk/media/for-organisatio...
 
The Lindqvist case originated in Sweden, but was heard by the European
Court of Justice in 2003, and is based on the provisions of the European
data protection directive (Directive 95/46/EC) which is applicable to all
member states.  The judgement itself can be accessed here:
 
[2]http://curia.europa.eu/juris/document/do...
 
We have been unable to locate any other court cases which come within the
scope of your information request.
 
Whilst there have been Information Tribunal cases that relate to the
processing of telephone numbers (for example, for direct marketing
purposes and/or unsolicited text messages), these all indicate that the
telephone numbers of the data subjects concerned are in any case their
personal data.  None of these cases therefore address the question of
whether the telephone numbers are personal data or not, so we have
considered them to be outside the scope of your information request.
 
Review Procedure
 
We hope this is helpful, but if you are dissatisfied with this response
and wish to request a review of our decision or make a complaint about how
your request has been handled you should reply directly to this email
(leaving the reference number in square brackets intact), write to the
Information Access Team at the address below or email
[3][email address].
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation.  To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under either the Freedom of Information Act
or Environmental Information Regulations.
 
A copy of our review procedure can be accessed from our website [4]here.
 
Yours sincerely
 
 
 

Antonia Swann
Lead Information Access Officer
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545894  F. 01625 524510  [5]ico.org.uk  [6]twitter.com/iconews
Please consider the environment before printing this email

References

Visible links
1. https://ico.org.uk/media/for-organisatio...
2. http://curia.europa.eu/juris/document/do...
3. mailto:[email address]
4. https://ico.org.uk/media/about-the-ico/p...
5. http://ico.org.uk/
6. https://twitter.com/iconews

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

. 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days.

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews