To: The Information Commissioners Office
Information Commissioner open consultation
The new Data Protection Act 2018 has been given royal assent but the ICO proposal is to continue only to deal with the most serious and public offences whilst the individuals are ignored yet again.
The consultation and associated documents can be found here https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/draft-regulatory-action-policy/
I would ask anyone receiving this to contribute to the consultation and demand that the ICO change their existing approach and mandate a fixed penalty against a data controller for every day that the information is not provided to a lawful applicant.
It should be for the data controller to prove that they have not committed a criminal offence and be held accountable for failing to comply with the time limit set by law.
The consultation and associated documents can be found here https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/draft-regulatory-action-policy/
I would ask anyone receiving this to contribute to the consultation and demand that the ICO change their existing approach and mandate a fixed penalty against a data controller for every day that the information is not provided to a lawful applicant.
It should be for the data controller to prove that they have not committed a criminal offence and be held accountable for failing to comply with the time limit set by law.
Why is this important?
The ICO refuse to enforce the law on behalf of the individual and refuse to investigate no matter how blatantly obvious the offence has been undertaken.
The benefit of the doubt is always given to the data controller.
Section 173 of the new act claims to institute a criminal offence "to alter, deface, block, erase, destroy or conceal information with the
intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive."
This is lifted from section 77 of the existing FOIA 2000 which in the 18 years it has been law has NEVER been implemented by the ICO.
Complaints sent to the ICO languish in a 3-4 month queue for attention and if at any point in that timeline the data controller does release any information the ICO deems it to be a matter of slow compliance rather than a criminal offence.
The ICO does however have fixed penalties against data controllers for non payment of ICO fees and the data controller cannot be allowed to pay later than specified.
It is our data and yet the organisation responsible for protecting our rights simply will not do so unless the breach makes the news in some spectacular fashion.
My father died I believe as a result of Corporate Manslaughter and the Police who failed to take action to prevent his death have so far refused to comply with my subject access request and FOIA requests and the ICO simply refuse to investigate or take action.
Please if you can find the time tell the ICO that their attitude is unacceptable and require a change.
The benefit of the doubt is always given to the data controller.
Section 173 of the new act claims to institute a criminal offence "to alter, deface, block, erase, destroy or conceal information with the
intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive."
This is lifted from section 77 of the existing FOIA 2000 which in the 18 years it has been law has NEVER been implemented by the ICO.
Complaints sent to the ICO languish in a 3-4 month queue for attention and if at any point in that timeline the data controller does release any information the ICO deems it to be a matter of slow compliance rather than a criminal offence.
The ICO does however have fixed penalties against data controllers for non payment of ICO fees and the data controller cannot be allowed to pay later than specified.
It is our data and yet the organisation responsible for protecting our rights simply will not do so unless the breach makes the news in some spectacular fashion.
My father died I believe as a result of Corporate Manslaughter and the Police who failed to take action to prevent his death have so far refused to comply with my subject access request and FOIA requests and the ICO simply refuse to investigate or take action.
Please if you can find the time tell the ICO that their attitude is unacceptable and require a change.