The Information Commissioner’s Office (ICO) has published its annual report for 2019-20, covering what the Information Commissioner has called a “transformative period” for privacy and data protection and broader information rights.

The report discloses that the ICO received 38,514 data protection complaints in 2019-2020 and 6,367 freedom of information complaints.  Of the data protection complaints 39% related to subject access requests.   The ICO settled its case with Facebook concerning the use of personal data in political campaigns.

Over 2,100 investigations were conducted. Regulatory action was taken 236 times.  That included 54 information notices, eight assessment notices, seven enforcement notices, four cautions, eight prosecutions and only 15 fines.

The health sector generated nearly 20% of all personal data breach complaints, followed by general businesses with 17.16%, the education sector with 14%, the finance, insurance, and credit sector with 10%, local government with 8.63%, the legal sector with 8.57%, and the retail sector with 5.39%.

Computer Weekly reports that according to statistics compiled by RPC, the average fine issued by the ICO has trebled from £73,645 in 2016/17 to £216,000 in the last year.

The highlights of the ICO’s year included

The report did not cover the impact of COVID-19.  In launching the report the Information Commissioner, Elizabeth Denham said:

“We have seen a transformative period in our digital history, with privacy established as a mainstream concern, and with complex societal conversations increasingly asking data protection questions. This report shows the ICO has been at the centre of those discussions, from how facial recognition technology is used to how we protect children online”.