Information Commissioner's Office Recensioni 501

Senseless pro-forma response from ICO after 308 days where they failed to address the personal data violations by a clinical regulator who shared my medical records to third parties without redactions.

The clinical regulator for an alternative practice failed in its duty of care to redact my medical records or anything outside the scope of my complaint. They also committed procedural data law improprieties by demanding my Neurology medical records without caveat of 'no obligation'. Interestingly, the organisation in question redacted the respondents’ submissions thereby indicating an open bias towards its practitioners.

Despite incontrovertible material screenshots that verified the foregoing, the ICO sided with the clinical regulator. There was no substance to the ICO’s decision.

Unlike the historic ICO assessors who were honourable, the recent teams are not assessing data complaints logically or fairly, let alone in a timely manner, perhaps the standards are drastically slipping.

On balance, the regulatory systems are just mechanisms of deflection that are designed to frustrate the victim and shield corporations and industries from accountability.

The hassle of legal action remains unaffordable and counterproductive for victim health, especially with the vexatious nature of insurance firms that may not fulfil cost liabilities if the legal outcome goes south.

Accordingly, the public deserves a cost effective data regulatory guardian to avoid such eventualities, but the ICO are nothing of the kind and its routinely denying justice to victims of data breaches. For this reason, I have launched a citizens investigation to ascertain the wider levels of maladministration by regulators.

Awful organisation. Do not waste your time. EVEN if you manage to get your complaint by the ICO upheld, you are going to be disappointed.

In my experience, the ICO did not act as an effective protector of individual data‑rights. Their responses felt generic and appeared to favour the organisations under investigation rather than carrying out an independent assessment of the evidence I provided. As a result, I did not feel that my rights were meaningfully upheld. Anyone facing serious data‑protection issues may need to pursue legal action directly, as the ICO’s involvement offered little practical support.

I made a booking with Best Western Sysonby Knoll Hotel and a couple of days later a scammer contacted me via WhatsApp pretending to be Best Western. I reached out to Best Western directly via their website, and they confirmed this was a scammer and they admitted my private data from my booking had been illegally obtained. However, they wouldn't tell me how it had been illegally obtained, and months later, they still refuse to tell me.

I reported them to the ICO, because this is a clear privacy violation and mismanagement of my private data. But the ICO have decided not to investigate.

They have no interest in how my private data got in the hands of criminals or making sure Best Western implements changes to make sure it doesn't happen again.

Because they won't investigate, I have no idea how much of my private data was stolen

They really do just collect your money. Their practices are modelled on TV Licencing. If the ICO were to disappear today, it would make no difference to anyone.

The ICO publishes clear guidance based on GDPR for Data Controllers but when an individual produces evidence of a breach, the ICO position is to reject the complaint stating that the rejection is in line with their “published framework” without giving any details about which part of the framework the complaint fails on. It is therefore impossible to know how the complaint may be reframed in order to merit proper consideration.

The background: A utility bill is frequently used as a means of identification. It does not seem unreasonable to expect the utility company to keep the details of a bill secure, lest a bad actor were to use said details to produce a bogus but convincing utility bill. When I discovered that certain details from my bill were easily available on the internet I complained to the utility company, asking them to either cease to use my data in this way or to justify the use by reference to the relevant guidance on the ICO website. Their response was blunt to the point of rudeness (basically “it’s legitimate interest and we’re under no obligation to tell you why”), so the ICO seemed to be the appropriate arbiter. Wrong!

Footnote: I suspect that, in the same way that the Environment Agency is mostly funded by fees derived from Water Companies, the ICO is mostly funded by fees derived from registrations. C4 did an excellent exposé of the EA in ‘Dirty Business’, maybe there are sufficient complaints on here to warrant their attention.

Spoke to "Lydia" on live chat, who might as well not even have bothered working there. She was extremely unhelpful regarding my issues with the Telephone Preference Service and advised me to contact "their regulator." When I pointed out that the ICO is, in fact, their regulator, she simply stopped responding to live chat messages. I made a complaint, but doubt I'll ever hear back. How do these people get jobs?!

Rang today to register, expecting to have problems. Got a fantastic lady (Lisa?) who was super helpful, got the job done efficiently and with great communication. Honestly the best customer service I've ever had from a public body!

Useless.

I contacted the ICO to request assistance in getting a company to delete my private data after multiple attempts. After three months, the ICO responded stating that my case was not a priority for further investigation or action.

Useless and uninterested. Reported a serious data breach of confidential information, took them 6 months to reply, and then said they weren’t even interested. Biggest waste of time. Don’t bother reporting as they don’t care.

Beyond dreadful - I am not sure they even really exist. if so they have a fraction of the capacity needed - broken, not fit for purpose.

Worse than ever. Their enabling of companies who repeatedly and flagrantly abuse customer data and breach GDPR law is truly at a shocking level. They will confirm that the company you’re complaining about has BROKEN THE LAW but they openly state they will be doing absolutely nothing about it.

It’s a joke. Once again the corporations are protected as they continually abuse us and our information, while we have zero protection from it. If I broke the law - I’d be charged and punished appropriately. If these companies do it? They get rewarded and protected by the very governing body that is supposed to govern them - the ICO.

An absolute joke at this point but what else do you expect? Keep sending them the complaints, the ICO obviously want to put people off complaining by doing nothing about the breaches of law, but it has to be noted.

Let’s work together to stop companies abusing us (because the ICO will only protect them and allow them to continue doing it) and also work to prove the ICO as a useless, weak, enabling and pointless entity. Keep sending the complaints. Send them EVERY TIME IT HAPPENS. Nothing is too small.

I used to find this organisation helpful. I would present a case, be assigned a caseworker, and as long as I was correct and my personal data had been wrongly used, there'd be an outcome. (This situation - sharing or mis managing personal information - can arise surprisingly often when you understand your rights in all sorts of communications.) They would write and alert the data controller of a company where there was wrongdoing, and help me. Now, I start with the live chat service, and often get a really sensible response. I keep a transcript and then I present the case to the ICO. But now, it's rare for a caseworker to help. I'll get a message eventually, although it can take months. But they like to say a case "isn't in the public interest" and thus get off the hook and I suppose, save themselves time. Recently, this was profoundly untrue when a local county council had deliberately let data handlers interest themselves in my history, and affect the response to a SAR in a very harmful way indeed. I'd guess that council will carry on treating customers so badly. Even more recently, I simply got blanked. Someone from the ICO wrote and asked for more information (after a long delay of months). I sent it ... waited ... sent again. Nothing. It's a deteriorating service, and often the result is downright insulting.
We should expect the following statements to be adhered to: "ICO acts ... as a strong defender of individuals’ information rights ..." (Regulatory Action policy) "We can make recommendations ..."
They aren't 'strong'. I think there were probably calls between the ICO case worker and the county council in question, and my case may have been dismissed to protect the council. That's my suspicion.
It looks obvious that individual caseworkers differ. This may be normal in terms of human outcomes, but it isn't correct when one follows due process and another simply won't engage. Oddly, a relatively small concern about a local town council was carefully looked at and I received a helpful, detailed reply, and was able to send part of it to the town council's clerk for her information. For that reason only, the one star you have to put up to get the post published, is valid.

A member of staff left their venue and assaulted me on a public road while I was minding my own business. The police couldn't be bothered to collect the footage using the PACE act, or even review it at the time. I submitted a Subject Access Request to get the ball rolling. I was on public land, it was a member of staff in the video, and they committed a crime. There's no reasonable expectation of privacy in this instance - they have to share the footage.

The bar refused to hand over the footage. The ICO sent them an email saying they should reconsider and closed the case. Useless.

The footage will go over the 30 day limit, the ICO know the only evidence is going to be destroyed. They do not care.

They take millions in taxpayer money each year so it is my opinion that this is essentially another parasite institution. Some sort of tool for people in power to lean on when they need to persecute a business or person. The term 'adult-daycare' also springs to mind, frankly. It does not serve the public as far as I can see. Reading the other reviews is depressing.

Waiting 40 weeks for the ICO is like queuing for a takeaway that never arrives. Meanwhile, companies with a history of mishandling your personal data are happily taking the mickey, knowing the regulator operates at the speed of a tortoise on a tea break. A joke organisation for a serious job

They took 4 months to reply only to say that they wouldn’t be investigating my case, even when it’s crystal clear the company I complained about broke the law. I fail to see the point of this body - it’s a waste of taxpayers money and should be disbanded. They could actually fine companies who don’t comply and use that money to improve their services but they’d rather do nothing, it seems.

Waste of time....
Reported a spammer to the ICO but still getting spammed daily by the company.

What's the point of they don't do anything to resolve.

Extremely slow & outcome so idiotic that there should be a case for scrapping this outfit. Absolute waste of public money. What happened? The ICO officer took more than six months to explore my complaint against Booking.com and finally agreed that Booking.com had failed to meet its statutory obligations. It ignored my original request and about six reminders. This wasn't an oversight; it is clearly deliberate policy. That makes its actions unlawful.
Th e ICO officer did nothing about it. No sanction against Booking.com, nothing. So companies with sharp & unlawful practices will continue with their sharp & unlawful practices with absolutely no comeback from the body that should protect us. I would have liked to appeal against the ICO officer's process and perverse decision, but there doesn't seem to be any option to do so.

One has to ask what is the point of having legislation if the enforcement body don't do anything about breaches.

Set up to serve the people that break the law and paid for by the people the law was set up to protect (Tax Payer) as with all these bodies they are only there for the purpose of looking good the serve neither use nor ornament and will not protect you from the law breakers as they are employed by the law makers

I am not surprised that ICO has 1 star rating and ZERO good reviews.
I know very well what a GDPR breach is, as we all have been constantly bombarded with tedious training after training, since 2018. They plant in your head that GDPR is something you must be very aware of and be vigilant what you do, otherwise... you will be sacked, punished, you could even face prison time for an accidental mistake. So, It seemed a serious organisation and it is quite nice to think our personal data is so well looked after!
Well, sadly is not the case,they instead laugh at the tax payer, they do NOTHING and less. They are absolutely useless and a waste of space.
I reported two incidents were data was kept and misused, I provided proof. However, In both occasions the outcome was "No further action", they did not find anything despite all the evidence. Of course, they did not even look, they must be using AI to answer emails (even though it took them 2 months).
They do not do anything, they just have to exist and waste our time and money as we still have to pay this usless organisation their salaries.
You should be ashamed.
Do not waste your time.