It’s less than a month until the ICO annual report is launched in London, giving us the opportunity to look back at a year’s work. It’s always an interesting experience, as we briefly shift our emphasis from concentrating on the future to contemplating the past.
As ever, much of the annual report will be dominated by the stats and figures that measure our performance. This blog gives a preview of a few of those figures, and explains a little of the story behind the numbers.
76% – the number of cases the ICO resolves within 90 days
One of the big highlights of the report for those of us who’ve been at the ICO a while is that there aren’t any unacceptable backlogs. We handle large numbers of complaints, both around freedom of information requests that public authorities have turned down and around potential data breaches.
Our current turnaround times are at our lowest ever levels, with 76% taking less than 90 days, hardly anything taking longer than six months and most taking much less. Yet the number of new cases we received went up. Effectively, we did more for less, something we all know we need to keep doing in the current economic climate.
23 – number of CMPs issued in the last financial year
Let’s get the headlines out of the way first. That figure is more than double the previous year’s total, as we increasingly use this power to improve compliance. Of the 23, 19 were for data protection breaches, of which 18 were for breaching the seventh data protection principle of keeping personal information secure: organisations can surely be in no doubt that they must look after people’s personal data properly.
But the big highlight for us was the three penalties for breaking the rules around nuisance calls and spam texts. One of our biggest challenges across the year was to address consumer concerns around this nuisance. We wanted to use our new powers, but we needed to overcome the challenges of establishing that the level of distress caused was sufficient to trigger a fine. Our solution was to use an online reporting tool to make it easy for the public to let us know about their concerns. It was an incredible success, with over 150,000 contacts in twelve months.
This information, together with complaints data enabled us to take action. We contacted our worst offenders and met with some of them. This led to some significant successes with complaints levels falling dramatically. When it didn’t work, the next step was a fine: we issued £440k of penalties to a pair who sent out hundreds of thousands of text messages a day, and a further £90k to a company who broke cold calling rules. We continue to work very closely with other regulators, including Ofcom and the Ministry of Justice, to tackle this significant problem.
90% – customer satisfaction
Working with concerned consumers is a big part of our work. We provide a highly valued and well praised advice service (over 90% satisfaction rating). We can’t provide compensation, but lots of people tell us that what they are really interested in is making sure that no-one else has to face the same problems they had. Our focus is therefore on getting organisations to do things better.
To this end, our good practice team continue to mix data protection audits with advisory visits in record numbers, supplementing the ICO’s general guidance.
+1 – new intel hub
Our ability to gather information improved significantly as we developed our intelligence hub. We are now able to supplement what we get from complaints with general enquiries. We were able to identify emerging threats and produce regular reports for our website outlining what action we have taken. This reporting provides vital reassurance to the public that we take their concerns seriously.
|Simon Entwisle is responsible for all the ICO’s operational functions, including Customer Contact, Case Resolution, Enforcement and Good Practice as well as the Assistant Commissioners in Wales, Scotland and Northern Ireland.|