Our legal powers

The data protection powers of the Information Commissioner's Office are to:

  • conduct assessments to check organisations are complying with the Act;
  • serve information notices requiring organisations to provide the Information Commissioner's Office with specified information within a certain time period;
  • serve enforcement notices and 'stop now' orders where there has been a breach of the Act, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law;
  • prosecute those who commit criminal offences under the Act;
  • conduct audits to assess whether organisations' processing of personal data follows good practice; and
  • report to Parliament on data protection issues of concern.

Appeals from notices are heard by the Information Tribunal, an independent body set up specifically to hear cases concerning enforcement notices or decision notices issued by the Information Commissioner.

Strategy for Data Protection Regulatory Action
