Information Commissioner's Office

Is your approach to requesting information effective? Follow our simple steps to make sure you’re taking the best approach to requesting information: 1. Search first. If the information has already been published, it may be quicker to find it than to ask for it. Our new checklist can help guide you. 2. Keep it clear. Make your request as simple and straightforward as possible. Use simple language and bullet points or numbered lists to help with structure. 3. Be nice. Even if you’re dissatisfied with the organisation, try to put that aside and focus on using simple language to ask for the information you want to receive. 4. Read it twice. Before you send a request, take another look at it to make sure it’s clear and easy to follow. If still unsure, get a friend or family member to take a look. Learn more about making effective information requests on our website 👉 https://lnkd.in/ekZ-UDTR

💼️ Work in an organisation that develops, uses or is considering using PETs? 💻 Have you signed up for our free PETs webinar yet? Our webinar on 25 September will include a deep-dive of our PETs report, recommendations to overcome barriers and a chance to ask our experts questions. Sign up now: https://lnkd.in/eVntmK9h

NEW: Emily Keaney, ICO’s Deputy Commissioner discusses how our work on children’s privacy is having a global impact. Read her thoughts below ⬇️

#ICYMI our Sandbox insights report looks at the variety of projects we’ve worked on, how they will benefit the public, and the key data protection considerations that were prominent among our 14 previous participants. How has our Sandbox delivered a variety of public benefits? ➡️ We helped a group of financial institutions planning a data-sharing pilot that aimed to reduce the impact of financial crime on the UK economy – and reduce the degree of harm suffered by members of the public by improving the prevention and detection of financial crime. ➡️ Our work with the Gambling Commission and Betting and Gaming Council helped during the development of the ‘GamProtect’ service, which enables gambling operators to identify and support people experiencing harm from gambling. We’re currently accepting new expressions of interest from organisations wishing to join our Sandbox. If your organisation is looking to develop a product or service that uses information in creative and innovative ways, apply on our website now 👇 https://lnkd.in/eiCcyz2F

NEW: We’ve surveyed 2,000+ data controller organisations that collect, process and store personal information. A data controller is an organisation or individual that manages the purposes and means of the processing of personal information. Data controllers control the personal information being processed and are ultimately responsible for it. Alongside the survey, the data controller study included 20 in-depth interviews, through which we learnt more about the organisations that we regulate, and gained insight that will inform our strategic and regulatory objectives. This is the first of a three-year research project to gain more insight into the UK data controller landscape and help us support organisations with their data protection responsibilities and ensure people’s personal information is protected. We asked UK data controllers to share: • key details about their organisations; • activities involving processing personal information; • the technologies they use; • innovation considerations; and • perceptions of data protection laws and regulation. Here are a few of our key findings: ➡️ Organisations have developed an informed view about data protection law, 32% of organisations agree that data protection law has been an enabler that has positively influenced core activities; ➡️ 24% of organisations reported that data protection law had placed constraints to at least some extent on their core activities; ➡️ 74% of data controllers are sole traders; and ➡️ 48% of data controllers processed personal information for less than 100 data subjects in the last 12 months. We also wanted to learn more about the challenges organisations face. We found that: ➡️ 49% of organisations raised cyber security as a challenge in processing personal information; and ➡️ 49% of organisations reported lack of expertise/staff training required as reasons for not adopting new technologies. Read the full data controllers study findings on our website 👉 https://lnkd.in/eWf7HKvx

📢 We want to hear from you! Accountability is one of the key principles in data protection law and there are two key elements. First, organisations are responsible for complying with data protection law and second, they need to demonstrate compliance. This applies to GenAI models as they often involve the processing of personal information. What are your views on who is responsible for data protection compliance across the generative AI supply chain? Share your thoughts in our final call for evidence as part of our GenAI consultation series. Your responses will help us develop our final regulatory positions on GenAI, which will be reflected in upcoming work and guidance. Use our survey to submit your thoughts by September 18 👇 https://lnkd.in/e5kqCpaR Or you can let us know your views by email to: generative.ai@ico.org.uk

NEW: We’ve fined Coastal Windows and Conservatories UK Limited (CWC), a home improvement company, £40,000 for calling thousands of people registered with the TPS. ➡️ The case We received a number of complaints from the public about unsolicited marketing calls – even though people had registered with the TPS. Our investigation found that Coastal Windows and Conservatories UK Limited: - didn’t screen against the TPS. - had no PECR policies or training in place. - relied on consent that was up to 13 years old. - had no evidence that third party partners asked people for consent to receive calls from Coastal Windows and Conservatories UK Limited. ✅ Lessons you can learn from this case It’s important to respect people’s preferences about direct marketing. People can object to you using their information for direct marketing and you must stop or not start using their information for this purpose. Our direct marketing guidance has a section that runs through suppression lists and how to manage opt outs: https://lnkd.in/eHnr43KA CWC used third parties that collected potential customers details with an option to pass these details on to “approved installers”. However, CWC did not undertake their own checks prior to making calls. If you use a third party to buy in or rent information, you must remember that you are responsible for compliance with data protection law and PECR: https://lnkd.in/eG9Y_yrs CWC didn’t provide the ICO with any examples of training guides for their staff. It’s crucial that your staff have specialised training based on their job roles and the types of personal information they’ll be handling. See our Accountability Framework guidance – this will give you practical steps for assessing your own training: https://lnkd.in/ev3ny_Wf Read more about the case: https://lnkd.in/ea3MSj_8

No more scratching your head about what to put in your privacy notice - our new privacy notice generator will automatically generate one that is bespoke to your organisation and tailored to your sector, in about 10-15 minutes. Suitable for all types of small businesses , sole traders, small charities, clubs and groups, the tool will help you tell people outside your organisation how you use their information. Head to our new privacy notice generator to create a privacy notice just for your organisation: https://lnkd.in/eFTC3AzB #HereToHelpSMEs

Supporting Scottish innovators with regulatory clarification Would you like free informal regulatory advice on bringing your digital or AI driven product to market? Join us for breakfast on 18 September at Ofcom offices in Edinburgh to learn more about the DRCF AI and Digital Hub, a free informal advice service to provide innovators tailored answers to their most pressing cross-regulatory questions. Meet with Kate Jones, DRCF CEO, and Hub representatives to get an overview of the Hub, its benefits, and address your questions. Sign-up for the event below or register here -https://lnkd.in/ezxia82j We look forward to seeing you there! #AI #digital #AIDigHub #innovation

Oasis aren’t the only thing that’s back 👀 Register for #DPPC24 our website now 👉 https://lnkd.in/enyevG-e