Temporary governance changes at the ICO

The ICO has made temporary changes to the governance around how the Information Commissioner’s responsibilities are carried out. This follows the completion of an independent workplace investigation relating to John Edwards, the Information Commissioner. The investigation has now concluded. As the Information Commissioner is accountable to Parliament, and not employed by the ICO, the next steps will be determined by the Department for Science, Innovation and Technology (DSIT). The Commissioner voluntarily stepped back from his duties on 26 February to enable the investigation to take place. He continued to receive…

Read More

ICO launch new guidance to support public authorities dealing with AI-generated FOI requests

The ICO have published new guidance to help public authorities confidently handle Freedom of Information (FOI) requests that involve the use of artificial intelligence (AI).  The guidance responds directly to what FOI practitioners have told us about the growing impact of AI on their work. Public authorities are seeing an increase in the volume and complexity of requests generated using AI tools, including requests that misquote legislation or require significant clarification before they can be processed.  Without clear, practical support, this trend risks placing pressure on FOI teams and could…

Read More

Charities given new flexibility to contact supporters under data law change

The ICO have published final guidance on the ‘charitable purposes soft opt-in’ provision, helping charities to understand and apply the new rules.  The change, which came into force as part of the Data (Use and Access) Act 2025 on 5 February 2026, means charities can send direct marketing by electronic mail, including emails, texts and direct messages on social media, to people who have expressed an interest in, or offered to support, an organisation’s charitable purpose, without needing to obtain consent first, providing strict requirements have been met. We have…

Read More

Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK

ICO have fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users.  They found that LastPass failed to implement sufficiently robust technical and security measures, which ultimately enabled a hacker to gain unauthorised access to its backup database. There is no evidence that hackers were able to unencrypt customer passwords as these are stored locally on customer devices and not by LastPass.  The incidents occurred in August 2022 when a hacker gained…

Read More

Jointly Prepared Statement from the Information Commissioner’s Office (ICO) and Financial Conduct Authority (FCA) on Targeted Support and Direct Marketing

Introduction It is important for your customers to receive timely and relevant information to support decisions about their finances, while having their direct marketing preferences and data protection rights respected. This is crucial in order for customers to trust the information they receive, helping them to make informed decisions and pursue their financial goals. Under the framework set out in the FCA’s policy statement (PS25/22), authorised firms would be able to offer a new type of help called ‘targeted support’ and make suggestions to an individual based on them being…

Read More