The Information Commissioner

The Information Commissioner’s UK Office (ICO) is responsible for overseeing and enforcing the DPA and FOIA. The ICO is sponsored by the Ministry of Justice, set up as an Independent UK Authority. 

As data protection is not devolved and only one Act exists for the whole of the UK, the ICO is responsible for overseeing and enforcing the DPA throughout the UK. The specific duties of the ICO are set out in Pt VI of the DPA. Broadly speaking it can be said that the ICO has a duty to promote good practice by data controllers; promote the observance of the DPA by data controllers; prepare and disseminate codes of practice, and  inform and educate the public (DPA s51).

In England, Wales and Northern Ireland the Information Commissioner also has responsibility for prosecuting for any breaches of the DPA, and can impose fines of up to £500,000 for data security breaches. In Scotland the power to prosecute lies with the Crown.

More information about the ICO can be found on the Information Commissioner’s Office website.