Latest update.... they're still toothless!
I can confirm that the ICO is still toothless. My bank has now failed twice to comply with my section 11 request to cease processing my personal data for diect marketing purposes but they have refused to take action. After the first failure to comply the ICO wrote to my bank and told them what they needed to do to comply but they've simply ignore them.
The reason why data protection in this country is so bad is because the ICO focuses on easy wins. If it's a government organisation they're all over them because they know that they will have to comply, but if they actually have to argue the law with a bank's lawyers then they go weak at the knees.
Failure to comply with a section 11 notice twice and they're still refusing to take action. Someone somewhere is giving a misleading account of the ICO.