In advance of its new three-year strategy, the ICO has revised its approach to enforcement in the public sector.
It will see the Commissioner’s discretion used to reduce the impact of fines on the public sector, coupled with better engagement, including publicising lessons learned and sharing good practice.
Realistically, it will mean an increase in the use of warnings, reprimands and enforcement notices, with fines only issued in the most serious cases. The approach will be trialled over the next two years.
The UK Information Commissioner John Edwards confirmed the approach in an open letter to public authorities, and you can read it at https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/06/open-letter-from-uk-information-commissioner-john-edwards-to-public-authorities/
The idea may be sound, but I wonder if this risks setting up a two-tier system of standards, between the public and private sectors?
Also, some might think that the ICO is moving to protect organisations rather than individuals – only time will tell.