Anyone else noticed the change of stance from the Information Commissioner’s Office?
Previously any corporate failed to comply with subject access requests would ultimately get a stern letter from the ICO, and threatened with prosecution by the ICO if they did not comply.
Now I notice the ICO response is just to “We have told them they should now review your subject access request and ensure that they provide you with the appropriate response as soon as possible or within 14 calendar days. Should Big Corporate PLC not provide you with the personal data to which you are entitled, you have the right to approach the courts for an order for your data to be released. Legal action of this nature is not something that the ICO can assist with.”
So, the whole regime has gone from ICO pretending that they would ultimately enforce in the courts (which granted they rarely did, and they were pretty bad at) to one where the complainant is responsible now for enforcement action. Which leads to the question… what exactly is the point of the ICO now then?
Another part of the public sector which completely fails in its basic day job.
Comment