Dear Information Commissioner's Office,

Amendments made to Information legislation enabling the ICO to exonerate breaches

https://www.whatdotheyknow.com/request/c...

Yours faithfully,

George White

Information Access Inbox, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

Information Access Inbox, Information Commissioner's Office

Dear Sir/Madam,

Thank you for contacting the Information Commissioner's Office (ICO) through the whatdotheyknow.com (WDTK) website.

The WDTK website was created to help people request information from public authorities under the Freedom of Information Act (FoIA) and the Environmental Information Regulations (EIRs).

The ICO is the regulator responsible for overseeing information rights legislation. We are also subject to the legislation we oversee.

As a public authority we are subject to the FoIA and EIRs, so if people want to request information we might hold about our work as a public body they can do this through WDTK.

The correspondence you have sent to us is not a request for information we might hold. It is a concern or complaint about the way an organisation has complied with the legislation we oversee. We do deal with issues like this. However, we do not deal with this part of our work through the WDTK website.

Please visit the ICO website www.ico.org.uk for information about the legislation we oversee and advice on what to do if you are unhappy with the way an organisation has met its information rights obligations.

If you need to raise a complaint or concern with us you can do this by following the instructions on this page of our website - www.ico.org.uk/concerns.

Please also contact our helpline for any further advice on 0303 123 1113.

Please do not reply to this message through the WDTK website. We make no commitment to respond if you do.

Yours sincerely

The Information Commissioner's Office

Dear Information Access Inbox,
All information related to your approach to responses and the amendments you have made to Information legislation enabling the ICO to exonerate breaches
https://www.whatdotheyknow.com/request/c...
Yours faithfully,
George White

Information Access Inbox, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

Tim Turner left an annotation ()

There are no amendments to FOI legislation and the ICO doesn't have the power to amend the legislation. The ICO does have limited discretion not to make decisions on complaints, and they're clearly attempting to exercise that here. It's pointless to ask them for information about something that they haven't done, and which the guidance that they've published clearly doesn't imply that they have done or have the power to do.

George White left an annotation ()

seems they are doing no more that they always do, find excuses for authorities not to respond, not to do internal reviews in the time and take no action against anyone.

great law. comes with discretion. guess thats the way of the world, little guy with no voice or clout gets treated like this and organisations who can throw public money at it spend my cash til they get away with it.

I got Highways England giving the ICO excuse as standard response.

ICO Casework, Information Commissioner's Office

24 June 2020

Our reference: IC-43008-X1H0

Dear Mr White,

I write in response to your information request of 15 June 2020.

Before I can progress your request, I would like to ask you for some
clarification about the information you are trying to access. Without this
clarification we are not able to provide you with a response.

You have asked for:

All information related to your approach to responses and the amendments
you have made to information legislation enabling the ICO to exonerate
breaches.

I will require more detail as to what you mean by our 'approach to
responses'. Unfortunately this element of your request is too general to
enable me to undertake meaningful searches of recorded information held by
the ICO.

If you could also clarify what amendments to legislation you believe have
occurred, that would be helpful. However, I should advise you that
legislative amendments are a matter for Parliament and are not something
the ICO has the power to do. If it is of assistance, the website
[1]www.legislation.gov.uk provides you with the access to lists detailing
changes made by all UK legislation enacted from 2002.

If you would like us to progress your request please respond providing the
above clarification as soon as possible. Once we understand what
information you are trying to access we will respond to you within 20
working days from the data we receive appropriate clarification.

If we do not receive clarification then we will consider your request to
be withdrawn and you will not receive a response.

Yours sincerely,

Shannon Keith
Senior Information Access Officer
Information Commissioner’s Office 

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [2]ico.org.uk [3]twitter.com/iconews
Please consider the environment before printing this email
Please be aware we are often asked for copies of the correspondence we
exchange with third parties. We are subject to all of the laws we deal
with, including the data protection laws and the Freedom of Information
Act 2000. You can read about these on our website ([4]www.ico.org.uk).
Please say whether you consider any of the information you send us is
confidential. You should also say why. We will withhold information where
there is a good reason to do so.
For information about what we do with personal data see our privacy notice
at [5]www.ico.org.uk/privacy-notice

References

Visible links
1. http://www.legislation.gov.uk/
2. https://ico.org.uk/
3. https://twitter.com/iconews
4. https://www.ico.org.uk/
5. https://www.ico.org.uk/privacy-notice

Highways England is referring me to your guidance which say they can ignore the law.
You're all public authorities probably not furloughed staff could be working remote. now everyone gets to delay cause you changed the law or are not enforcing it.

https://www.whatdotheyknow.com/request/c...

We are contacting you regarding your request of 5 May 2020 about the
National Schedule of Repair Cost

Unfortunately due to the current working situation, brought on by the
Covid-19 pandemic, where offices have closed and Highways England staff
are working remotely it has not been possible to search for and gather any
relevant information, and provide a response to your request within the
statutory 20 working day timeframe. We are sorry that we were unable to
provide our response to your request within the expected timeframe, but
would like to thank you for your patience regarding this in light of the
current situation we all find ourselves in.

Unfortunately, we are currently unable to advise as to when we will be
able to issue a response and apologise for any frustration this may cause.

The ICO have also issued some guidance about how they will regulate during
the pandemic which can be found at the following link and may be of
interest or use to you
[1]https://ico.org.uk/about-the-ico/news-an...

ICO Casework, Information Commissioner's Office

30 June 2020

Our reference: IC-43008-X1H0

Dear Mr White,

I write in response to your correspondence of 29 June 2020. Unfortunately
it does not appear to clarify what recorded information you are seeking
from the ICO, instead you appear to be complaining about a response
provided to you by another public authority. If you wish to make a
complaint about an FOI response you have received, or the timeliness of a
public authority in responding to a request you can do this on our website
[1]ico.org.uk.

If you wish to clarify your request to us, please do so. In
doing this please state what recorded information you are requesting. 

I should be clear with you that I do not intend to enter into a
dialogue about your grievance with a response you were provided by another
public authority, as this is not the purpose of the FOIA or the WDTK
website.

Yours sincerely

Shannon Keith
Senior Information Access Officer
Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[2]ico.org.uk [3]twitter.com/iconews  
Please consider the environment before printing this email

Please be aware we are often asked for copies of the correspondence we
exchange with third parties. We are subject to all of the laws we deal
with, including the data protection laws and the Freedom of Information
Act 2000. You can read about these on our website ([4]www.ico.org.uk).
Please say whether you consider any of the information you send us is
confidential. You should also say why. We will withhold information where
there is a good reason to do so.
For information about what we do with personal data see our privacy notice
at [5]www.ico.org.uk/privacy-notice.

References

Visible links
1. https://ico.org.uk/
2. https://ico.org.uk/
3. https://twitter.com/iconews
4. https://www.ico.org.uk/
5. https://www.ico.org.uk/privacy-notice

Dear ICO Casework,

if you're refusing to answer just say and do a review,
The ICO's issued some guidance about how they will regulate during the pandemic
Why's there a different approach to the law, what's changed and how can you do this. If they don't respond in time if they break the law who're you to let them off.
I'm not complaining about another's response. I'm asking about your changes.

Yours sincerely,

George White

ICO Casework, Information Commissioner's Office

1 Attachment

22 July 2020

Case Reference: IC-43008-X1H0

Dear requester,

Please find attached our response to your request for information.

Yours sincerely,

Shannon Keith
Senior Information Access Officer
Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[1]ico.org.uk [2]twitter.com/iconews
Please consider the environment before printing this email.

Please be aware we are often asked for copies of the correspondence we
exchange with third parties. We are subject to all of the laws we deal
with, including the data protection laws and the Freedom of Information
Act 2000. You can read about these on our website ([3]www.ico.org.uk).
Please say whether you consider any of the information you send us is
confidential. You should also say why. We will withhold information where
there is a good reason to do so.
For information about what we do with personal data see our privacy notice
at [4]www.ico.org.uk/privacy-notice.

References

Visible links
1. https://ico.org.uk/
2. https://twitter.com/iconews
3. https://www.ico.org.uk/
4. https://www.ico.org.uk/privacy-notice

Dear ICO Casework,

I want to know why you don't make responses to reviews in 20 days. What's the point of the law pandemic or none?

Yours sincerely,

George White

icocasework, Information Commissioner's Office

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20200828-14686-1qq0t9s#English
2. file:///tmp/foiextract20200828-14686-1qq0t9s#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

ICO Casework, Information Commissioner's Office

3 September 2020

Case Reference: IC-43008-X1H0

Dear Mr White,

It is unclear whether your correspondence of 28 August 2020 is a request
for an internal review of my 22 July 2020 response to your information
request, or just a statement of general dissatisfaction.

If your intention was to seek an internal review of my response, please
confirm this.

If you require assistance in understanding the relationship between the
statutory obligations of the FOIA and the best practice guidelines of the
[1]FOI Code of Practice, I would encourage you to contact our Advice
Services department, either by email ([2][email address]) or call our
hotline on 0303 123 1113. The provision of advice and explanations is not
a service we provide via WDTK.

Please be advised that any further correspondence sent in relation to
this case  will be read, but not necessarily responded to.

Yours sincerely,

Shannon Keith
Senior Information Access Officer
Information Commissioner's Office

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
[3]ico.org.uk [4]twitter.com/iconews
Please consider the environment before printing this email.

Please be aware we are often asked for copies of the correspondence we
exchange with third parties. We are subject to all of the laws we deal
with, including the data protection laws and the Freedom of Information
Act 2000. You can read about these on our website ([5]www.ico.org.uk).
Please say whether you consider any of the information you send us is
confidential. You should also say why. We will withhold information where
there is a good reason to do so.
For information about what we do with personal data see our privacy notice
at [6]www.ico.org.uk/privacy-notice.

References

Visible links
1. https://assets.publishing.service.gov.uk...
2. mailto:[email address]
3. https://ico.org.uk/
4. https://twitter.com/iconews
5. https://www.ico.org.uk/
6. https://www.ico.org.uk/privacy-notice

Dear ICO Casework,

Does the IC make any enquiry of an authority before extending the 20 days for a review to 40 days? Pandemic or none from what I've seen on this forum, authority's get 40 days without ever being asked to explain a delay. What's the process?

Yours sincerely,

George White

icocasework, Information Commissioner's Office

To read this email in English click [1]here

I darllen yr ebost yn y Gymraeg, cliciwch [2]yma

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence. During the Coronavirus
pandemic, please see our [3]website for updates on the service you can
expect from us during this time.  You can also call us on 0303 123 1113 or
contact us via live chat. 

 
If you have asked us for advice - we will respond within 14 days. While
you wait, you should regularly check our [4]website for relevant
guidance, as we are updating this all the time. You should also read our
[5]GDPR myth busting blogs. If you have raised a question that we have
answered on our website, we may respond by sending you a link to it.  But
we will do our best to provide you with the information you need.
 
If you have made a new complaint - we’re unlikely to look into it unless
you have raised it with the [6]responsible organisation (for a data
protection complaint) or the [7]responsible public authority (for a
freedom of information complaint) first. Please make sure you have sent
us a copy of their final response to you. We will assign your complaint to
a case officer as soon as we can, and they will contact you in due
course. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer. If you believe
we have either failed to take appropriate steps to respond to your data
protection complaint, or we do not provide you with information about the
progress or outcome of your complaint within the next three months, you
may be able to apply to the [8]First-tier Tribunal to require us to
respond to your complaint or to provide you with information about its
progress.
 
If you represent an organisation and you are reporting a personal data
breach under the GDPR or the Data Protection Act 2018 - we aim to contact
you within seven days to confirm receipt and to provide you with a case
reference number. If you want advice urgently, you should telephone our
helpline on 0303 123 1113. If we consider the incident is minor or you
have indicated that you do not consider it meets the threshold for
reporting, you may not receive a response from us, or we may respond by
sending you a link to the relevant part of our guidance. You can find out
more about [9]data breach reporting on our website.

Where a significant cyber incident occurs, you may also need to report
this to the National Cyber Security Centre (the NCSC). To help you decide,
you should read the NCSC’s guidance about their role and the type of
incidents that you should consider reporting.  

Incidents that might lead to a heightened risk of individuals being
affected by fraud, should be reported to Action Fraud – the UK’s national
fraud and cybercrime reporting centre. If your organisation is in
Scotland, then reports should be made to Police Scotland.

If you are a Communications Service Provider reporting a security breach
under the Privacy and Electronic Communications Regulations – you will
need to report the security breach via this [10]secure portal.

If you represent an organisation and are reporting a potential incident
under the NIS Directive - we will contact you as soon as we can. You can
find out more about the [11]NIS Regulations on our website.

If you represent an organisation and you are reporting a security breach
within the definition of the eIDAS regulation – we will contact you as
soon as we can. You can find out more about the [12]eIDAS regulation on
our website.

If you have reported spam email – we are unlikely to need to contact you
again, unless we need more information to help with our investigations. We
publish details about the [13]action we've taken on nuisance messages on
our website.
 
If you have asked for information you think we might hold - we will
contact you if we need any more information to help us respond. Otherwise,
we will respond within our [14]public and statutory service levels.
 
If you have only copied your correspondence to us - we will not respond.
 
There is more information on our [15]service standards and what to expect
webpage. You can also call 0303 123 1113. We welcome calls in Welsh on
0330 414 6421. You can also contact us on [16]live chat.
 
For information about what we do with personal data please see our
[17]privacy notice.
 
Yours sincerely
 
The Information Commissioner’s Office
 
Our newsletter
You can [18]sign up to our monthly e-newsletter
 
 
Pwnc: Mae’ch neges ebost wedi dod i law

Diolch yn fawr ichi am gysylltu â Swyddfa’r Comisiynydd Gwybodaeth. Yn
ystod y pandemig Coronafeirws, gweler [19]ein gwefan am ddiweddariadau ar
y gwasanaeth sydd ar gael i’r cyhoedd ar hyn o bryd. Hefyd, mae’n bosib
ein ffonio ar 0303 123 1113, neu gysylltu â ni trwy sgwrs fyw.

Os ydych wedi gofyn am gyngor – byddwn yn ymateb o fewn 14 diwrnod. Tra
byddwch yn aros, dylech edrych yn rheolaidd ar ein [20]gwefan i chwilio am
ganllawiau perthnasol, gan eu bod yn cael eu diweddaru drwy’r amser. Hefyd
dylech ddarllen ein [21]blogiau ynghylch mythau’r GDPR. Os ydych wedi codi
cwestiwn sydd wedi’i ateb ar ein gwefan, mae’n bosibl y byddwn yn ymateb
drwy anfon dolen atoch i gysylltu â’r ateb.  Ond fe wnawn ein gorau glas i
roi’r wybodaeth angenrheidiol ichi

Os ydych wedi gwneud cwyn newydd – dydyn ni ddim yn debygol o edrych i
mewn iddo oni bai eich bod wedi’i godi’n gyntaf gyda’r [22]sefydliad
cyfrifol (cwyn am ddiogelu data) neu’r [23]awdurdod cyhoeddus cyfrifol
(cwyn am ryddid gwybodaeth). Gofalwch eich bod wedi anfon copi aton ni o’u
hymateb terfynol ichi. Byddwn yn rhoi’ch achos i swyddog achosion cyn
gynted ag y gallwn, a bydd y swyddog yn cysylltu â chi maes o law.

Os yw’ch gohebiaeth yn ymwneud ag achos sydd eisoes yn bod - byddwn yn ei
hychwanegu at eich achos ac fe gaiff ei hystyried ar ôl cael ei dyrannu i
swyddog achosion. Os ydych yn credu ein bod ni naill ai wedi methu cymryd
camau priodol i ymateb i'ch cwyn diogelu data, neu heb ddarparu gwybodaeth
ichi am gynnydd neu ganlyniad eich cwyn o fewn y tri mis nesaf, efallai y
byddwch yn gallu gwneud cais i'r [24]Tribiwnlys Haen Gyntaf i’w gwneud yn
ofynnol inni ymateb i'ch cwyn neu ddarparu gwybodaeth ichi am gynnydd eich
cwyn.

 
Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am drosedd data
personol o dan y GDPR neu Ddeddf Diogelu Data 2018 – rydym yn anelu at
gysylltu â chi o fewn saith niwrnod calendr i gadarnhau bod eich neges
wedi dod i law ac i roi rhif cyfeirnod achos ichi. Os oes arnoch eisiau
cyngor ar frys, dylech ffonio’n llinell gymorth ar 0303 123 1113. Os ydym
o’r farn bod y digwyddiad yn un mân neu os ydych chi wedi nodi nad ydych
o’r farn bod y digwyddiad yn cyrraedd y trothwy i roi gwybod amdano, mae’n
bosibl na chewch ymateb gennym, neu efallai y byddwn yn ymateb drwy anfon
dolen atoch i gysylltu â’r rhan berthnasol o'n canllawiau. Cewch ragor o
wybodaeth am [25]roi gwybod am droseddau data ar ein gwefan.

Pan fo digwyddiad seibr arwyddocaol yn digwydd, mae’n bosibl y bydd angen
ichi roi gwybod amdano hefyd i’r Ganolfan Seiberddiogelwch Genedlaethol
(yr NCSC). I’ch helpu i benderfynu, dylech ddarllen canllawiau’r NCSC ar
eu rôl a’r math o ddigwyddiadau y dylech ystyried rhoi gwybod amdanyn nhw.

Dylai digwyddiadau a allai arwain at risg uwch y bydd twyll yn effeithio
ar unigolion gael eu cyfleu i Action Fraud – sef canolfan genedlaethol y
Deyrnas Unedig ar gyfer rhoi gwybod am dwyll a seiberdroseddau. Os yw eich
sefydliad yn yr Alban, yna i Heddlu’r Alban y dylech chi roi gwybod.

Os ydych yn Ddarparwr Gwasanaethau Cyfathrebu sy’n rhoi gwybod am dor
diogelwch o dan y Rheoliadau Preifatrwydd a Chyfathrebu Electronig – bydd
angen ichi roi gwybod am y tor diogelwch drwy’r [26]porth diogel hwn.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am ddigwyddiad
posibl o dan Gyfarwyddeb yr NIS – byddwn yn cysylltu â chi cyn gynted ag y
gallwn. Cewch ragor o wybodaeth am [27]Reoliadau’r NIS ar ein gwefan.

Os ydych yn cynrychioli sefydliad a’ch bod yn rhoi gwybod am dor diogelwch
o fewn y diffiniad yn Rheoliad eIDAS – byddwn yn cysylltu â chi cyn gynted
ag y gallwn. Cewch ragor o wybodaeth am [28]Reoliad eIDAS ar ein gwefan.

Os ydych wedi rhoi gwybod am ebost sbam – mae’n annhebygol y bydd angen
inni gysylltu â chi eto, oni bai bod arnon ni angen rhagor o wybodaeth i
helpu yn ein hymchwiliad. Rydym yn cyhoeddi gwybodaeth am [29]y camau
rydyn ni wedi’u cymryd ynghylch negeseuon niwsans ar ein gwefan.

Os ydych wedi gofyn am wybodaeth yr ydych yn credu ei bod gennyn ni –
byddwn yn cysylltu â chi os bydd arnom angen rhagor o wybodaeth i’n helpu
i ymateb. Fel arall, byddwn yn ymateb ichi o fewn ein [30]lefelau
gwasanaeth statudol a chyhoeddus. 

Os ydych wedi anfon copi o’ch gohebiaeth aton ni ond dim byd arall –
fyddwn ni ddim yn ymateb.

Mae rhagor o wybodaeth ar ein tudalen gwe [31]safonau gwasanaeth a beth
i’w ddisgwyl. Gallwch ffonio hefyd ar 0330 414 6421, neu yn Saesneg ar
0303 123 1113. Gallwch gysylltu â ni hefyd i gael [32]sgwrs fyw.

I gael gwybodaeth am yr hyn rydyn ni’n ei wneud â data personol, gweler
ein [33]hysbysiad preifatrwydd. 

Yn gywir

Swyddfa’r Comisiynydd Gwybodaeth

Ein cylchlythyr

Gallwch [34]gofrestru i gael ein e-gylchlythyr misol

 

 

References

Visible links
1. file:///tmp/foiextract20200909-6763-1w1gpsj#English
2. file:///tmp/foiextract20200909-6763-1w1gpsj#Gymraeg
3. https://ico.org.uk/global/data-protectio...
4. https://eur03.safelinks.protection.outlo...
5. https://eur03.safelinks.protection.outlo...
6. https://eur03.safelinks.protection.outlo...
7. https://eur03.safelinks.protection.outlo...
8. https://eur03.safelinks.protection.outlo...
9. https://eur03.safelinks.protection.outlo...
10. https://eur03.safelinks.protection.outlo...
11. https://eur03.safelinks.protection.outlo...
12. https://eur03.safelinks.protection.outlo...
13. https://eur03.safelinks.protection.outlo...
14. https://eur03.safelinks.protection.outlo...
15. https://eur03.safelinks.protection.outlo...
16. https://eur03.safelinks.protection.outlo...
17. https://eur03.safelinks.protection.outlo...
18. https://eur03.safelinks.protection.outlo...
19. https://ico.org.uk/global/data-protectio...
20. https://eur03.safelinks.protection.outlo...
21. https://eur03.safelinks.protection.outlo...
22. https://eur03.safelinks.protection.outlo...
23. https://eur03.safelinks.protection.outlo...
24. https://eur03.safelinks.protection.outlo...
25. https://eur03.safelinks.protection.outlo...
26. https://eur03.safelinks.protection.outlo...
27. https://eur03.safelinks.protection.outlo...
28. https://eur03.safelinks.protection.outlo...
29. https://eur03.safelinks.protection.outlo...
30. https://eur03.safelinks.protection.outlo...
31. http://ico.org.uk/about_us/how_we_work/s...
32. https://eur03.safelinks.protection.outlo...
33. https://eur03.safelinks.protection.outlo...
34. https://eur03.safelinks.protection.outlo...

Dear ico

see https://www.cfoi.org.uk/2020/09/ico-refu...

Severe delays by some authorities in replying to FOI requests has long been the most serious problem facing requesters. In 2010 the ICO began monitoring authorities that repeatedly failed to meet FOI time limits. It press-released their names and continued monitoring them until their performance improved. Monitoring gradually declined, ceasing altogether in 2017.

It seems to be there's rules for when an Authority can take longer than 20 days to respond to a request or review. So please give me all instances where Highways England took longer than 20 days to address a request or review and the explanations given and the explanations ICO sought and the responses provided and if you were satisfied the rules were right. Since 2017 should do.

Yours sincerely,

George White

Sharon Wheeler left an annotation ()

You really seem to be struggling with the basics of FOI. Internal Reviews aren’t even in the legislation! Go and read the FOI code of practice, it might stop you making such pointless requests.

ICO Casework, Information Commissioner's Office

2 Attachments

7 October 2020

Our reference: IC-60742-S3S5
Dear George White,

Request for Information

Thank you for your information request which we received 9 September
2020. 

We have dealt with your request in accordance with your ‘right to know’
under section 1(1) of the Freedom of Information Act 2000 (FOIA).

Request

In your email you asked:

“Severe delays by some authorities in replying to FOI requests has long
been the most serious problem facing requesters. In 2010 the ICO began
monitoring authorities that repeatedly failed to meet FOI time limits. It
press-released their names and continued monitoring them until their
performance improved. Monitoring gradually declined, ceasing altogether in
2017.

It seems to be there's rules for when an Authority can take longer than 20
days to respond to a request or review.  So please give me all instances
where Highways England took longer than 20 days to address a request or
review and the explanations given and the explanations ICO sought and the
responses provided and if you were satisfied the rules were right.  Since
2017 should do.”

Section 10 of the FOIA sets out the time frames within which a public
authority must respond to an FOIA request. I have interpreted your request
to be about complaints received in relation to Highways England, where
they have failed to meet the section 10 requirements of the FOIA.

I can confirm we hold information within the scope of your request. Our
case management systems hold FOI complaints information in line with our
retention schedule which you can find here.

[1]https://ico.org.uk/media/about-the-ico/p...

Please find attached with this response two csv files. These provide
information about the FOI complaints received about Highways England in
the scope of your request. This information has been extracted from two
case management systems. The handling of FOI complaints cases is now being
undertaken in a new casework system, therefore the timescale of your
request includes information from the previous casework system and the
current one. The reporting options for the two systems have some
differences which you will note from the two csv files provided. Please
also be advised that the failure to meet FOIA section 10 may not be the
only reason for complaint in some of these cases.

I have also included a link our website which provides further details
about FOI case outcome definitions used in our case management systems.
[2]https://ico.org.uk/media/about-the-ico/d...

For information prior to that held in our casework systems I can also tell
you that we publish datasets regarding our Freedom of Information casework
on our website. This means that you will be able to search against the
data controller you are interested in, the nature of the complaint and the
outcome. Please find a link to the complaints and concerns datasets below.

[3]https://ico.org.uk/about-the-ico/our-inf...

Review Procedure
I hope this provides you with the information you require. However, if you
are dissatisfied with this response and wish to request a review of our
decision or make a complaint about how your request has been handled you
should write to the Information Access Team at the address below or email
[4][ICO request email].

Your request for an internal review should be submitted to us within 40
working days of receipt by you of this response. Any such request received
after this time will only be considered at the discretion of the
Commissioner.
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation. To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under either the Freedom of Information Act
or Environmental Information Regulations.
A copy of our review procedure can be accessed from our website here.

[5]https://ico.org.uk/media/about-the-ico/d...

Yours sincerely,

Sarah Whelan 
Senior Information Access Officer
Information Commissioner’s Office 

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0303 123 1113 [6]ico.org.uk [7]twitter.com/iconews
Please consider the environment before printing this email
Please be aware we are often asked for copies of the correspondence we
exchange with third parties. We are subject to all of the laws we deal
with, including the data protection laws and the Freedom of Information
Act 2000. You can read about these on our website ([8]www.ico.org.uk).
Please say whether you consider any of the information you send us is
confidential. You should also say why. We will withhold information where
there is a good reason to do so.
For information about what we do with personal data see our privacy notice
at [9]www.ico.org.uk/privacy-notice

References

Visible links
1. https://ico.org.uk/media/about-the-ico/p...
2. https://ico.org.uk/media/about-the-ico/d...
3. https://ico.org.uk/about-the-ico/our-inf...
4. mailto:[ICO request email]
5. https://ico.org.uk/media/about-the-ico/d...
6. https://ico.org.uk/
7. https://twitter.com/iconews
8. https://www.ico.org.uk/
9. https://www.ico.org.uk/privacy-notice

George White left an annotation ()

Sharon Wheeler - if you've nothing constructive to say ...
You appear to be struggling with the basics of reading and comprehension it might stop you making such pointless comment.