A new draft complaint handling procedure from the Information Commissioner’s Office (ICO) says that the watchdog plans to change the way in which it deals with complaints.
Citing an increase in awareness of information rights amongst the populace of the UK, the organisation said it needs to review its approach as demand for its services looks set to rise. The ICO said it is committed to dealing with complaints under the Data Protection Act (DPA) in an effective and efficient manner as possible. Limited resources means that the body has a need to discharge its duties in a manner that offers value for money.
In setting out its proposals the watchdog said that it had dealt with 40,000 enquiries last year in addition to some 214,000 phone calls, though it felt it likely that the legislation had been contravened in only 35% of those cases.
The ICO said that many complaints it receives are from parties who have not raised their concerns with the organisation in the first place or who are merely looking to access information. It said that it is currently becoming involved in disputes between organisations and individuals in which data protection issues are peripheral to the actual complaint.
“We want to become more effective and efficient at using concerns raised with us to improve the wider information rights practice of organisations and to tackle systemic problems. Too often we are drawn into adjudicating on individual disputes between organisations and their customers or clients, particularly where the legislation we oversee may only be a peripheral part of the matter being disputed.”
The new approach does not, of course, mean that the ICO will stand back completely. It said,
“We want to focus on those who get things wrong repeatedly, and take action against those who commit serious contraventions of the legislation,” adding that, “This will avoid unnecessary concerns being raised with us and make it much easier for us to identify opportunities to improve information rights practice.”
The ICO now proposes that it should only become involved after customers have first engaged with the company and attempted to resolve the issue themselves:
“When we receive a concern from a member of the public, complete with the organisation’s response to it, we will retain a record of the concern and decide if we think there is an opportunity for information rights practice to be improved. That may be in the individual case or it may be to address a more systemic concern.”
The ICO’s response will then be tailored to each individual case, depending upon whether it sees “an opportunity to improve information rights practice.”
“If we think an organisation needs to improve its practices we will contact them to explain why we think that is the case. Where appropriate we may ask an organisation to commit to an action plan or undertaking, to be published on our website, explaining the work they are doing to improve their practices.”
The watchdog said it will continue to to pursue enforcement action where it is appropriate to do so and will report regularly on the type of action it has taken and any improvements to information rights practice that have been highlighted. It said that its new targeted approach to complaints will, “give us more capacity to take this kind of regulatory action when it is warranted.”
The Information Commissioner’s Office welcomes responses to its proposals which must be submitted by 31 January 2014. If the changes go ahead as planned then this new approach to complaint handling will be effective from 1 April 2014.