Following a public consultation at the end of 2013, the Information Commissioner's Office (ICO) has published new guidance on complaint handling, in its capacity as the data protection regulator.
The ICO had expressed concern that the number of customers asking it for advice has increased every year. In 2012/2013 it dealt with just over 40,000 written enquiries about data protection and nearly 214,000 phone calls from individuals, however the ICO assessed that only 35% of the complaints dealt with involved a breach of legislation.
The new guide highlights that data controllers are expected to respond to complaints by individuals in the first instance and must clarify how they have processed the individual's personal information and explain how they will put right anything that has gone wrong. Therefore the emphasis is that data controllers should try to resolve more issues themselves before the ICO is involved, however consumers can still refer a case to the ICO if they are not satisfied that their complaint has been dealt with adequately by the data controller. Individuals will be required to produce copies of documents evidencing their concern, together with their relevant correspondence with the data controller. The data controller will be expected to provide evidence of how they have tried to deal with the concern and this evidence will be used by the ICO to help it to judge the severity of a potential breach and whether it should pursue enforcement action. The ICO has said that it will keep a record of the concerns raised about an organisation for future regulatory purposes.
The new guidance should aid the ICO to reduce its workload but the ICO has stated that it would provide more resources into cases where it believes that a decision will improve data protection practice.
The outcome of this new guidance is that data controllers will need to be vigilant when receiving a complaint from an individual about the processing of personal data as they will need to be able to provide evidence that they have adequate procedures in place for the handling of complaints, which are then carried out in a satisfactory manner and well documented.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.