Information Commissioner's Office

🆕 We have issued a practice recommendation to United Utilities for failing to properly handle requests for important environmental information from the public. Water companies have a legal obligation to make information about the environment available under the Environmental Information Regulations (EIR), both proactively and if requested by the public. Our investigation found that United Utilities had repeatedly failed to respond to requests for information within the legal timeframe of 20 working days. Following the complaints, we also found that the water company often refused to respond to requests because they claim that the information being requested wasn't environmental. Warren Seddon, Director of Freedom of Information and Transparency, said: “Any information that would enlighten the public about how United Utilities operates and the impact it has on the environment is, by its very nature, likely environmental – this includes data on sewage spills and the performance of its wastewater treatment works.” We have now instructed United Utilities to take a much broader interpretation of environmental information and ensure it properly handles legitimate EIR requests. Read more about our action: https://lnkd.in/ejC3ZSX7 You can also read the Information Commissioner’s recent letter to water company bosses about the importance of transparency: https://lnkd.in/erRt69fg

🚨 Last chance! 🚨 Our call for views and evidence on children’s privacy closes tomorrow. We’re seeking evidence from interested stakeholders including online services, academics and civil society to share views and evidence on two areas of children’s privacy. We’ll use the evidence gathered to inform our ongoing work to secure further improvements in how social media platforms and video sharing platforms protect children’s privacy. Submit your thoughts before tomorrow’s deadline now: https://lnkd.in/eVptf6yG

NEW: Our FOI case study with @MetOfficeUK demonstrates how proactive, cross office collaboration helps to tackle an influx of FOI requests. In a challenging year, they achieved 100% compliance rate with EIR requests and 97% with FOI requests leading to an award win at the eCase FOI24 awards. This case study is an example of the benefits of good FOI practice. The FOI25 awards are still open for nominations, get your submissions in now: https://lnkd.in/exTg2gS7 Read the case study in full on our website: https://lnkd.in/eRjd82s5

NEW: We’ve fined two financial and debt management companies a total of £150,000 for sending between them over 7.5million spam text messages to people. Quick Tax Claims Limited sent 7,863,547 unlawful text messages over the course of a month, leading to 66,793 complaints. National Debt Advice Limited sent 129,902 spam text messages, leading to 4,033 complaints. Both companies had purchased personal information from third-party suppliers and did not conduct checks to make sure they had valid consent. Use the guidance on our website to make sure that your direct marketing campaigns comply with data protection law: https://lnkd.in/ewShc7pB Read more about the fines on our website: https://lnkd.in/e2G7sRk6

We’d like to take this opportunity to thank Claudia for her contributions as our General Counsel over the past three years and wish her luck when she begins her new role in the New Year.

“We believe data protection should be a ‘how to’ not a ‘don't do.” Data has the power to drive innovations that can make public services more effective and more efficient. Good data protection practice is a prerequisite for delivering those benefits. Emily Keaney, our Deputy Commissioner, Regulatory Policy, talks about how government can use and share data responsibly. If you work in government departments, local government or another public sector organisation, we have guidance on: 👉 Data sharing: https://lnkd.in/ekgJQrrS 👉 Information security: https://lnkd.in/eVSbmnRT 👉 Accountability and governance: https://lnkd.in/e-hPM5UZ 👉 Identifying personal information: https://lnkd.in/ePAcnNTd

NEW: Stephen Almond, our Executive Director Regulatory Risk, has been attending industry events to discuss our regulatory work on AI and how public sector organisations can harness the power of AI safely and securely. Read his thoughts below 👇

NEW: We’ve reprimanded a law firm for a data breach impacting over 8000 people. The hacker used compromised account credentials to gain access to the private information. We found that Levales Solicitors LLP did not have multi-factor authentication enabled and had not reviewed their data security procedures for over a decade. You can read the case and reprimand in full: https://lnkd.in/gTHtyXUp 💡 What can you learn from this case Simply having data security procedures is not enough – data protection is more than a tick box exercise. This case shows the importance of stress-testing your process and procedures and regularly reviewing them to ensure they meet current standards. Our Accountability Framework is a great tool for you to review whether the processes and policies you’ve put in place actually work: https://lnkd.in/gDq5WMty

Today is #InternationalDayOfTheGirl - We work with UNICEF to ensure girls have equal opportunities and benefit from digital advancements while protecting them from online risks and exploitation. We work with UNICEF Expert Advisory Panel on the best interest of the child in the digital environment. They work to ensure girls have equal opportunities and benefit from digital advancements while protecting them from online risks and exploitation. We support the panel understand the views, challenges and needs around interpreting the best interest principles to help governments develop best interest policies, regulators to enforce policy, and tech companies to design products that conform with the best interest principles. We already have a best interest of the child self-assessment tool to help organisations in the UK design according to best interest of the child principles: https://lnkd.in/eNZVXSWe #DayoftheGirl

NEW: We’ve fined WerepairUK Ltd and Service Box Ltd for making over 48,000 combined predatory marketing calls targeting elderly people who were registered with the Telephone Preference Service (TPS). We found that people living with illnesses such as dementia, like Juliet’s mother, were unlawfully called and sold policies they didn’t need or understand. “She was cold called every day by different companies trying to sell things… “Around 10 policies from various companies were taken out. One company even sold my mother the same policy twice… “I would notice money going out of her bank account, but it was unclear who was making the charges.” Read more about the two fines, as well as Juliet’s full story, on our website: https://lnkd.in/eDaT8jhS We have advice on the proactive steps you can take to help protect the people you care about: • Look out for unknown direct debits being paid. • Ensure they are registered for the Telephone Preference Service. • Report unsolicited marketing calls to us. We also have guidance on our website to help make sure your campaigns comply with data protection laws: https://lnkd.in/ewShc7pB