Sign in / up

back to article Been smacked by the ICO? Reveal your internal probes

If public authorities are subject to enforcement action by the Information Commissioner (eg, monetary penalty notice, undertaking, audit, enforcement notice etc), they should be prepared for internal reports into why the action was taken to become the target for Freedom of Information (FOI) requests. This is the outcome of a …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Being smacked by the ICO

    is rather like being hit in the face with a small fish (a la Monty Python sketech).

    3 0
  2. Usually Right or Wrong
    Thumb Down

    Do nothing, pass on the fine

    Responding with the report would be "prejudice to effective conduct of public affairs" when people learned that Ealing council will just pass the fine on through council tax and carry on as before.

    Or maybe they did investigate and improve security, then missed an opportunity to reassure the public.

    Of course, the ICO also published the get-out, as "The ICO decided that the council had correctly applied the ‘prejudice to effective conduct of public affairs’ exemption", so all FOI's of this nature will be responded to according to the ICO's advice; public interest be damned.

    I've sort of lost the plot as to why we have an ICO, or is it because the EU say we must have one, because all organisations handling personal information must register a Data Protection Officer and without an ICO there would be nowhere to register? Other than turning oxygen into green house gasses, do they perform any other function?

    2 1
  3. Hayden Clark Silver badge
    FAIL

    Internal review? What review?

    "The council refused to provide the requested information stating that the information was being withheld under the ‘prejudice to effective conduct of public affairs’ exemption"

    In other words, they had not actually done any kind of review at all, as they did not consider that anything was wrong.

    This is predicated on the idea that the "information security" policies the council has are purely for "compliance" purposes, and nobody can be expected to follow them.

    1 0
  4. matthewtrump

    This is part of my PhD

    This request was submitted as part of the preliminary research I am conducting for my PhD looking at the drivers, methods, and outcomes of information security incident investigations.

    If anyone would like to know more aobut my research, please drop me a line on m.t.trump@edu.salford.ac.uk

    Matthew

    P.S. Ealing Council still haven't released the document...

    3 0
  5. Graham Marsden
    Thumb Down

    ‘prejudice to effective conduct of public affairs’

    Translation: Someone high enough up the food chain was responsible, so we're going to keep schtum and pay the fine with public money instead of sacking the idiot.

    0 0
This topic is closed for new posts.

Other stories you might like