Information Commissioner's Office Avaliações 499

The ICO publishes clear guidance based on GDPR for Data Controllers but when an individual produces evidence of a breach, the ICO position is to reject the complaint stating that the rejection is in line with their “published framework” without giving any details about which part of the framework the complaint fails on. It is therefore impossible to know how the complaint may be reframed in order to merit proper consideration.

The background: A utility bill is frequently used as a means of identification. It does not seem unreasonable to expect the utility company to keep the details of a bill secure, lest a bad actor were to use said details to produce a bogus but convincing utility bill. When I discovered that certain details from my bill were easily available on the internet I complained to the utility company, asking them to either cease to use my data in this way or to justify the use by reference to the relevant guidance on the ICO website. Their response was blunt to the point of rudeness (basically “it’s legitimate interest and we’re under no obligation to tell you why”), so the ICO seemed to be the appropriate arbiter. Wrong!

Footnote: I suspect that, in the same way that the Environment Agency is mostly funded by fees derived from Water Companies, the ICO is mostly funded by fees derived from registrations. C4 did an excellent exposé of the EA in ‘Dirty Business’, maybe there are sufficient complaints on here to warrant their attention.

Spoke to "Lydia" on live chat, who might as well not even have bothered working there. She was extremely unhelpful regarding my issues with the Telephone Preference Service and advised me to contact "their regulator." When I pointed out that the ICO is, in fact, their regulator, she simply stopped responding to live chat messages. I made a complaint, but doubt I'll ever hear back. How do these people get jobs?!

Rang today to register, expecting to have problems. Got a fantastic lady (Lisa?) who was super helpful, got the job done efficiently and with great communication. Honestly the best customer service I've ever had from a public body!

Useless.

I contacted the ICO to request assistance in getting a company to delete my private data after multiple attempts. After three months, the ICO responded stating that my case was not a priority for further investigation or action.

Useless and uninterested. Reported a serious data breach of confidential information, took them 6 months to reply, and then said they weren’t even interested. Biggest waste of time. Don’t bother reporting as they don’t care.

Beyond dreadful - I am not sure they even really exist. if so they have a fraction of the capacity needed - broken, not fit for purpose.

Worse than ever. Their enabling of companies who repeatedly and flagrantly abuse customer data and breach GDPR law is truly at a shocking level. They will confirm that the company you’re complaining about has BROKEN THE LAW but they openly state they will be doing absolutely nothing about it.

It’s a joke. Once again the corporations are protected as they continually abuse us and our information, while we have zero protection from it. If I broke the law - I’d be charged and punished appropriately. If these companies do it? They get rewarded and protected by the very governing body that is supposed to govern them - the ICO.

An absolute joke at this point but what else do you expect? Keep sending them the complaints, the ICO obviously want to put people off complaining by doing nothing about the breaches of law, but it has to be noted.

Let’s work together to stop companies abusing us (because the ICO will only protect them and allow them to continue doing it) and also work to prove the ICO as a useless, weak, enabling and pointless entity. Keep sending the complaints. Send them EVERY TIME IT HAPPENS. Nothing is too small.

I used to find this organisation helpful. I would present a case, be assigned a caseworker, and as long as I was correct and my personal data had been wrongly used, there'd be an outcome. (This situation - sharing or mis managing personal information - can arise surprisingly often when you understand your rights in all sorts of communications.) They would write and alert the data controller of a company where there was wrongdoing, and help me. Now, I start with the live chat service, and often get a really sensible response. I keep a transcript and then I present the case to the ICO. But now, it's rare for a caseworker to help. I'll get a message eventually, although it can take months. But they like to say a case "isn't in the public interest" and thus get off the hook and I suppose, save themselves time. Recently, this was profoundly untrue when a local county council had deliberately let data handlers interest themselves in my history, and affect the response to a SAR in a very harmful way indeed. I'd guess that council will carry on treating customers so badly. Even more recently, I simply got blanked. Someone from the ICO wrote and asked for more information (after a long delay of months). I sent it ... waited ... sent again. Nothing. It's a deteriorating service, and often the result is downright insulting.
We should expect the following statements to be adhered to: "ICO acts ... as a strong defender of individuals’ information rights ..." (Regulatory Action policy) "We can make recommendations ..."
They aren't 'strong'. I think there were probably calls between the ICO case worker and the county council in question, and my case may have been dismissed to protect the council. That's my suspicion.
It looks obvious that individual caseworkers differ. This may be normal in terms of human outcomes, but it isn't correct when one follows due process and another simply won't engage. Oddly, a relatively small concern about a local town council was carefully looked at and I received a helpful, detailed reply, and was able to send part of it to the town council's clerk for her information. For that reason only, the one star you have to put up to get the post published, is valid.

Absolutely pointless organisation. If you raise an issue they will inevitably find in favour of the organisation or just won't investigate. No matter what evidence you provide, even if the business admits liability. It needs dispanding and a new body to replace it

A member of staff left their venue and assaulted me on a public road while I was minding my own business. The police couldn't be bothered to collect the footage using the PACE act, or even review it at the time. I submitted a Subject Access Request to get the ball rolling. I was on public land, it was a member of staff in the video, and they committed a crime. There's no reasonable expectation of privacy in this instance - they have to share the footage.

The bar refused to hand over the footage. The ICO sent them an email saying they should reconsider and closed the case. Useless.

The footage will go over the 30 day limit, the ICO know the only evidence is going to be destroyed. They do not care.

They take millions in taxpayer money each year so it is my opinion that this is essentially another parasite institution. Some sort of tool for people in power to lean on when they need to persecute a business or person. The term 'adult-daycare' also springs to mind, frankly. It does not serve the public as far as I can see. Reading the other reviews is depressing.

Waiting 40 weeks for the ICO is like queuing for a takeaway that never arrives. Meanwhile, companies with a history of mishandling your personal data are happily taking the mickey, knowing the regulator operates at the speed of a tortoise on a tea break. A joke organisation for a serious job

They took 4 months to reply only to say that they wouldn’t be investigating my case, even when it’s crystal clear the company I complained about broke the law. I fail to see the point of this body - it’s a waste of taxpayers money and should be disbanded. They could actually fine companies who don’t comply and use that money to improve their services but they’d rather do nothing, it seems.

Waste of time....
Reported a spammer to the ICO but still getting spammed daily by the company.

What's the point of they don't do anything to resolve.

Extremely slow & outcome so idiotic that there should be a case for scrapping this outfit. Absolute waste of public money. What happened? The ICO officer took more than six months to explore my complaint against Booking.com and finally agreed that Booking.com had failed to meet its statutory obligations. It ignored my original request and about six reminders. This wasn't an oversight; it is clearly deliberate policy. That makes its actions unlawful.
Th e ICO officer did nothing about it. No sanction against Booking.com, nothing. So companies with sharp & unlawful practices will continue with their sharp & unlawful practices with absolutely no comeback from the body that should protect us. I would have liked to appeal against the ICO officer's process and perverse decision, but there doesn't seem to be any option to do so.

One has to ask what is the point of having legislation if the enforcement body don't do anything about breaches.

Set up to serve the people that break the law and paid for by the people the law was set up to protect (Tax Payer) as with all these bodies they are only there for the purpose of looking good the serve neither use nor ornament and will not protect you from the law breakers as they are employed by the law makers

I am not surprised that ICO has 1 star rating and ZERO good reviews.
I know very well what a GDPR breach is, as we all have been constantly bombarded with tedious training after training, since 2018. They plant in your head that GDPR is something you must be very aware of and be vigilant what you do, otherwise... you will be sacked, punished, you could even face prison time for an accidental mistake. So, It seemed a serious organisation and it is quite nice to think our personal data is so well looked after!
Well, sadly is not the case,they instead laugh at the tax payer, they do NOTHING and less. They are absolutely useless and a waste of space.
I reported two incidents were data was kept and misused, I provided proof. However, In both occasions the outcome was "No further action", they did not find anything despite all the evidence. Of course, they did not even look, they must be using AI to answer emails (even though it took them 2 months).
They do not do anything, they just have to exist and waste our time and money as we still have to pay this usless organisation their salaries.
You should be ashamed.
Do not waste your time.

Company A, that I never had any contract with, told company B to send me bills for the service I don't receive. Company B is threatening me with a legal action. Both companies refuse to provide how they obtained my details and refuse to remove them, telling me to contact the other.

ICO's outcome is "no harm, no wider impact". There is nothing in ICO's response referring to anything I wrote in my complaint.

They looked at the category "no response to Subject Access Request" and just closed it without reading it.

Omg I knew before I looked I thought when I saw there page that they were professional but then I listened to excuses and unprofessional staff I thought another let down I contacted them about police failing to give me my data records witch I breaking law avoid this place massive let dow

Utterly useless.

My partner and I were the victim of fraud when our personal data was stolen and sold on by a sham company (who are still operating). We lost thousands and incurred damage to our property.

ICO have seen the evidence of illegal, intentional, and fraudulent data breach right before their eyes, and have come up with absolutely nothing to bring the perpetrators to account, other than to tell us they won't be taking it any further.
They have provided no reason as to why. Zero. They effectively admitted *themselves* that the company were breaking the law and that they had received similar complaints from other victims about the same business.

This is a perfect example of a complete waste of taxpayers' money. They literally have *one* job and they effectively do nothing towards delivering it.
(Hopefully the next government will close them down or drastically shake them up.)

Message to any individuals or businesses who are thinking of breaking personal data protection law:

"Go ahead, be as blatant as you like, break the law, as the ICO will do absolutely zero to hold you to account and you'll get away with it every time."

It takes 40 weeks to receive a response from the ICO for an organisation that didn't respond to a FOI request? What an absolute joke. A pointless and pathetic excuse of a service. Shut this organisation down immediately.