A blog by James Dipple-Johnston, Deputy Commissioner – Chief Regulatory Officer
27 July 2021
When the ICO’s management team met at the start of the pandemic, to discuss how COVID-19 could impact the ICO’s work, our top priority was providing clarity to those we regulate.
We knew that, in uncertain times, organisations needed us to be clear about how we would regulate, and what they could expect to see us do differently.
That is why we published a document setting out our regulatory approach during the pandemic. We wanted to clearly explain what our commitment to being a pragmatic and empathetic regulator would look like in practice, while reiterating the important role that people’s information right would continue to have.
We have kept that document updated throughout the pandemic, outlining where our regulatory approach has adjusted and developed.
As we anticipated at the beginning of the pandemic, some organisations we regulate have faced significant difficulties supporting people’s information rights. NHS organisations, police and local and central government have all faced particular challenges, especially in responding to subject access and freedom of information requests.
Those challenges have not gone away. But this year we have seen more and more organisations adjusting to the circumstances, and returning to offering the transparency – both around data protection and freedom of information – that is so important to developing and maintaining public trust.
This has been our own experience at the ICO too. We have not been immune to the challenges of the pandemic, with staff availability, recruitment and a reduction in physical access to documents all affecting our work at various times. We know too those challenges have not gone away, but our recovery plan has had a positive impact in removing and reducing backlogs.
We want to support all organisations to fully meet the expectations people have around their information rights. Our website provides a wealth of resources to help organisations, while our helpline and live chat services continue to offer help and advice.
We have today published an updated version of our regulatory approach document. It states our commitment to continue taking into account the challenges organisations we regulate face, but also makes clear the value of information rights. We expect organisations should be able to deal with complaints they receive from members of the public, for instance, and we expect organisations to have robust recovery plans in place to reduce any backlogs.
We will continue to update on our regulatory approach, to provide clarity to organisations both during the pandemic and beyond. This will include updating our Regulatory Action Policy, which we will consult on later this year.
Data protection has played a central role in the UK’s response to the pandemic, but the effectiveness of data-driven innovation relies in part on public trust. Likewise, people’s trust in decisions made by government and public authorities relies on transparency. A respect for people’s information rights is central to both, and the ICO will continue to work to protect and support those rights.
James Dipple-Johnstone is Deputy Commissioner – Chief Regulatory Officer at the ICO. He oversees all the ICO’s regulatory outcomes across our investigation, casework, appeals, guidance, international, audit and technology & innovation service areas.