Information Commissioner adjusts regulatory approach during the coronavirus pandemic

On 15 April, the Information Commissioner’s Office (ICO) issued a statement explaining how it will adjust its regulatory approach during the current coronavirus pandemic. The ICO regulates the UK’s data protection laws, as well as freedom of information law in Wales, England and Northern Ireland. Its role includes investigating complaints, issuing guidance and raising public awareness of information rights.

The ICO’s statement recognises that we are living through very difficult times which are putting enormous pressure on all types of organisations. Whilst there have been no changes to the underlying data protection or freedom of information laws, the ICO is altering its approach to regulation to reflect some of these difficulties. The statement reveals that the ICO will be:

• Focussing its resources on assisting organisations on the frontline of the coronavirus pandemic;
• Taking into account the crisis when handling complaints, including giving organisations additional time to respond where this is needed;
• Suspending regulatory action or enforcement in certain circumstances, for instance where organisations are unable to pay registration fees;
• Reviewing the impact of any new guidance, including delaying issuing new guidance that could impose burdens which would divert staff from frontline duties; and
• Taking stronger action again any organisations breaching data protection laws to take advantage of the crisis.

Public and private sector organisations will welcome the ICO’s statement, which takes a very pragmatic and sensible approach to these uncertain times. Whilst all organisations should continue complying with their obligations under data protection and freedom of information laws wherever possible, they should be reassured that the ICO will take into account the impact of current events before deciding on any regulatory or enforcement action.