The Information Commissioner’s Information Charter

Introduction

This information charter sets out the standards that you can expect from the Information Commissioner’s Office (ICO) when we request or hold information, including but not limited to personal data about you or your enquiries. The charter covers both personal data and other information the Information Commissioner holds in connection with his duties under the Data Protection Act 1998, Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

It will tell you how you can get access to information, including your personal data, and what you can do if you think standards are not being met. It will also assist any individual or organisation in contact with the ICO or subject to its enforcement procedures to understand how the information concerning them is treated and when we will consider it for disclosure on request.

This charter will be reviewed annually and updated to take into account any changes in legislation or our policies. This charter replaces our previous guidance ‘The Information Commissioner’s Transparency Policy: Disclosing Information about Specific Individuals and Organisations.’

Responsibilities

The Chief Operating Officer owns this charter on behalf of the Executive Team and is responsible for its implementation.

The Internal Compliance Manager will ensure that information security policies and procedures are reviewed and implemented across business functions, ensuring continuous improvement. These policies aim to ensure that the requirements of confidentiality, integrity and availability are maintained at each stage in the information lifecycle. The Internal Compliance Manager is also responsible for responding to requests for information and for dealing with complaints about how we have handled ICO data.

The Information Asset Owners actively manage and monitor the whole of the information lifecycle from the creation of documents through to deletion.

Heads of Departments are responsible for ensuring that their staff are compliant with all policies and procedures.

All staff and contractors are trained in and are aware of their responsibilities as set out in these policies.

Types of information

The ICO holds both personal and non-personal information in a variety of databases and information stores which are critical to its regulatory activities, together with systems relating to ICO’s support functions such as human resources, facilities and finance.

How our information is managed

At the ICO we manage, maintain and protect all information according to legislation, ICO policies and best practices. We have security measures in place to maintain and safeguard the confidentiality, integrity and availability of our systems and data. All information is stored, processed and communicated in a secure manner, making it readily available to authorised users.

The ICO is also committed to the proactive dissemination of information, to be open and transparent and will routinely publish information unless restricted by legislation or public policy considerations.

Personal information

We know how important it is to protect customers’ privacy and to comply with the Data Protection Act. We will safeguard your information and in most circumstances will not disclose personal data without consent. If we ask customers for personal information we will:

  • let them know why we need it, where it is not obvious
  • only ask for what we need, and not collect excessive or irrelevant information
  • make sure nobody has access to it who should not
  • let customers know if we share it with other organisations, and
  • only keep it for as long as we need to in accordance with our retention schedule.

In return, to keep information reliable and up to date, we ask customers to:

  • give us accurate information, and
  • tell us as soon as possible of any changes, such as a change of address.

Access to personal information

You can find out if we hold any personal information about you by making a ‘subject access request’ under the Data Protection Act. If we do hold information about you we will:

  • give you a description of it
  • tell you why we are holding it
  • tell you who it could be disclosed to, and
  • let you have a copy of the information in an intelligible form.

We handle all information in a manner that respects the rights of individuals and which complies with the requirements of the Data Protection Act. To make a request to the ICO for any personal information it may hold, you need to put the request in writing, addressing it to our Internal Compliance Team or writing to the address provided below.

If we do hold information about you, you can ask us to correct any mistakes by contacting us using the same contact details.

Access to information

The Freedom of Information Act 2000 enables the public to have access to unpublished information from a public body subject to certain conditions. The ICO has a Guide to Information which provides an overview of the information that is available to access.

The ICO is committed to the proactive dissemination of information, to be open and transparent and will publish information unless restricted by legislation. Like all other public sector organisations the ICO is required to make the information it holds available unless subject to an exemption.

A request for information as well as any queries about making a request can also be e-mailed to the Internal Compliance Team.

Legislation – disclosure of information

The Freedom of Information Act 2000 and the Data Protection Act 1998 have a number of exemptions which must be considered before publication or disclosure. However, we will not withhold information simply because it falls into a relevant exemption. We will assess the impact of disclosure in relation to the requested information and make a decision on a case-by-case basis (except where we have decided that information of that type should be published proactively).

Section 59 of the Data Protection Act 1998 makes it an offence for the Commissioner or a member of his staff to knowingly or recklessly disclose information that has been obtained or provided for the purposes of the Act without lawful authority.

Factors we will take into account when considering whether information should be disclosed will include the following.

  • The extent to which the information, or some of it, is already in the public domain.
  • Who is asking for the information and why they want it.
  • The extent to which a requester is prepared to give an assurance of confidentiality and the extent to which this can be relied on.
  • Whether the needs of the requester can be met by supplying part of the information or supplying it in a different form.
  • Whether the information is personal in nature and the extent to which its disclosure would be an intrusion on privacy.
  • The reasonable expectations of the person or organisation who supplied the information to the ICO as to confidentiality, onwards disclosure etc.
  • Whether disclosing the information would be likely to prejudice the ICO’s functions, for example, by undermining an investigation, development of public policy or a potential prosecution.

You can also obtain more information on:

  • agreements we have with other organisations for sharing information
  • circumstances where we can pass on your personal data without telling you, for example, to prevent and detect crime and to produce anonymised statistics
  • our instructions to staff on how to collect, use and delete your personal data, and
  • how we check that the information we hold is accurate and up to date. 

Requests for this information can also be made by e-mailing the Internal Compliance Team or by writing to:

Internal Compliance Team
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Read more in our guide to information
