Information Commissioner's Office Reviews 500

They seem very busy

This company is a disgraceful waste of money that legally forces people to pay what they call a “data protection fee” even though they are not privy to or instrumental in any company data protection systems. Their fee can go as high as £2000 per year and the company receives no benefit whatsoever from these leeches.

ICO is a completely useless organisation. Without my permission, or knowledge premier inn withdrew a sum of money from my account. Eventually, I contacted ico and guess what, unsuprisingly they sided with premier inn.

ico has as much clout as a toothless newborn kitten.

Britain is a basket case with rogue government spin off departments

Cannot recall the precise date of this 'experience' yet ico emailed me in December 24 with their decision not to take any action against premier inn.

The ICO is an organisation that has legal powers to force organisations to pay an annual fee and which seems to be accountable to no-one and which adds seemingly little or no value to anyone. My company has no employees and processes virtually no personal information (I am a sole trader), and yet it has to pay their annual fee, for no benefit to anyone.

These people are completely useless. They have zero will power, desire or effect whatsoever in holding companies to account. They’re a complete waste of tax payers money. Give the consistent feedback of ONE star reviews, parliament should seriously reconsider what this organisation has been set up to achieve.

Brought to the attention ICO problems accessing personal data from a third party. I found them to be very unhelpful and obnoxious. They also told me they have no legal powers and if I can't resolve the problem by myself to take the matter. to court and can't afford. Not sure about thier purpose for exsistance as most Government quangos. So much for civil rights.

Absolute waste of time, took five months to respond and told me nothing despite Trust admitting breach, no consequences for them.....no wonder companies and Trusts do what they like with people's data!

If zero stars were an option ...

They contacted my employer, regurgitated everything my employer stated back at me -- without ever bothering to ask me or check any facts.

Complain to your MP, because this is a useless institution taking millions of taxpayer money & failing to do any useful job.

Is the information commissioners office actually independent though?

I filed a subject access request (SAR) as part of GDPR to a company - but they didn’t give me all of my data. I contacted the ICO who dismissed the case - I complained and they just dismissed the case.

What’s the point in having a government appointed ombudsman for data protection if they don’t do anything? It’s been extremely upsetting to receive emails from the ICO telling me they can’t and will not do anything for me. Dealing with the ICO has been an extremely frustrating and disappointing experience.

ICO Trustpilot one star rating is currently at 97%

Provided clear evidence that company is stealing from my bank in form of screenshots.
Have clear evidence company set up direct debits unlawfully according to GDPR consent principles.
Company refusing to give me proof according to GDPR burden of proof articles.

ICO: Well since they are denying, we can't do anything (??? what you exist for then, if you don't investigate)

ICO - You maintain that RingCentral is infringing upon data protection law because charging your account would have required it to process your personal data, and that you never gave your consent for this to be happen. However, this isn’t necessarily the case. While RingCentral must presumably have had your bank details on record on some point in order to make the charges, you wouldn’t be identifiable from them in isolation -

They used my bank details and I am not indentifable?

Pretty much told me to go bother ActionFraud (which is equally useless, as they won't do anything).
They carried they 'independent review' where next one day or two, investigator of ICO said Yep, I agree with everything ICO guy said - now go away.

Waste of time, nowadays you can get thieved from your bank account in daylight and no one will do anything.

I contacted them over a company ignoring an SAR. They investigated but because the company ignored them and didn’t respond to any communication they dropped the case. This is utterly unacceptable.
Update. My MP is now on the case and is taking action against them. He’s questioning why they take tens of millions in taxpayers funding and don’t do anything to justify it

Update - my brilliant MP (James McMurdock) is going after them both with the ombudsman and in parliament. They’re in for a very difficult time and well deserved.

Fraud Alert: Sky Account Scams & Security Concerns

Scam Overview

The phone number 07488 292880 is linked to an individual running a sophisticated scam operation, potentially based in the UK, using a mobile contract under Sky. This tactic creates the illusion of legitimacy, as the number appears to be associated with Sky Mobile.

The scam involves the following steps:
1. Phishing for Email Access: The scammer contacts you, pretending to represent Sky, and requests your email address.
2. Password Reset Exploitation: They initiate a password reset for your Sky email and persuade you to use a password they provide.
3. Account Hijacking: Once they gain access, they make purchases—such as phones, tablets, and accessories—using your account. They also extract personal data for fraudulent activities, including loans and credit applications.

How They Profit:
   •   Products purchased on your account are shipped to UK addresses for resale or international shipping.
   •   Personal information is sold and misused for financial fraud.

Risks for Victims:
   •   Financial Liability: If scammers make purchases on your Sky account, Sky may hold you responsible for the charges.
   •   Data Breaches: Your personal data may be sold and used to commit further fraud.

Security Recommendations:
   •   Never Share Passwords: Do not reset your Sky password based on instructions from unsolicited callers.
   •   Verify Callers: Be cautious of callers with foreign accents or unfamiliar numbers claiming to represent companies like Sky.
   •   Contact Sky Directly: If you suspect fraudulent activity, contact Sky directly through their official customer service channels.

Concerns About Sky’s Security Policies

A suggested security improvement—allowing password resets only via phone rather than email—has reportedly been declined by Sky. This policy leaves customers vulnerable to scams exploiting email-based password resets. Additionally, victims may be held liable for losses, despite being targeted through a company’s security loophole.

Broader Issues in Scam Prevention
1. Telecommunications Providers: Fraudsters exploit weaknesses in telecommunications systems by obtaining fake UK numbers from VOIP providers and telecom companies. These numbers are issued in bulk, potentially due to insufficient oversight by regulatory bodies such as Ofgem.
2. Regulatory Bodies:
      •   Ofgem: Responsible for telecommunications network security but appears to have gaps in enforcement.
      •   ICO (Information Commissioner’s Office): Allegedly reluctant to act against companies aiding in GDPR breaches.
      •   Action Fraud: Criticized as ineffective, often perceived as a superficial effort to address fraud.

Final Thoughts

This issue highlights systemic vulnerabilities in corporate security policies, telecommunications infrastructure, and regulatory enforcement. While individual vigilance is critical, organizations and regulators must take responsibility for mitigating these risks and protecting consumers from fraud.
I wouldn’t waste your time reporting any of these issues with Action Fraud as this is nothing more than a smoke screen to hide the facts they do not care about the illegal activity and they look at us public as nothing more than sheep, the ICO are the same and the telecommunications industry as a hole don’t care as long as they receive stolen money from scammers they do not care about receiving stolen money and refuse to take action to prevent such scams and fraud, they in-fact are happy to allow the Indian, Ghana scammers to use their infrastructure and assist in the theft of data and finances and are happy to receive stolen money.

This information is 100 percent true the government are fully aware and believe because the public are like sheep that we will not find out, what’s more they do not want to stop this illegal activity.

Useless, don't investigate anything, Valerie is not interested, she doesn't contact you. I had lots of data breaches in my nhs file and the nhs are not regulated. Nobody does anything. Useless and nhs know it.

Communication is very poor, and it seems they do not care. I question the purpose of this organization. They fail to take data breaches seriously even when they have identified them themselves.

Almost 100% negative reviews - and if most people could have given zero stars, they clearly would - the feedback speaks for itself, and it seems my experience with the ICO echoes what the majority of what other people have had to put up with. The first time I contacted the ICO was because I made a subject access request to a police force who took several months longer than the legally required 28 days to provide a SAR. The ICO said there was no case to answer - a staggering judgement from an organisation that are supposed to understand UK GDPR - I knew more about it than they did from reading the information online for less than 20 minutes - ironically from the ICO's own website. I appealed to the ICO against this first decision, and after several more months a more senior member of staff decided that indeed, several months is in fact longer than 28 days, and therefore I had been correct that the police had not complied with Data Protection Law - but that was it - they don't do anything other than say you'll need to take the police to court if you want any action against them. It feels like the ICO is part of a system that is designed to prevent the British public from exercising their rights. The ICO did decide in a couple of other instances that the police were breaking Data Protection law (again) - in that information that I'd requested in a SAR took around 11 months to be provided - but this was the only time the ICO provided a correct interpretation of UK GDPR (but they still didn't take action against the police). As part of the same issue I contacted the ICO to report another police force - for something far more serious: I'd sent the ICO written evidence (the police's own emails and the police's own report) showing that police had committed a number of serious data breaches - the police sent pretty much all of my personal data to a private company without my knowledge or permission - and further evidence that the police then concealed the fact that there had been a serious data breach (a criminal offence) after I made a Subject Access Request. It turns out that according to the police's own report that it was in fact one of the Police's own Data Protection Officers who had selectively removed information from a pack of emails that showed that the police had sent my personal data to a private company (name, address, DoB, gender, sexuality - essentially everything), before sending the information to me in a SAR. The ICO decided that there was no case to answer, primarily it seems because the police told them that there was no case to answer, no doubt aided by the ICO studiously ignoring the written evidence that I'd already sent to them. Eventually, and in the light of overwhelming written evidence (the police's own emails), the police admitted to the above (and eventually paid damages). It was only after I sent the incompetents at the ICO (who'd previously decided that the police had done nothing wrong) the written admission from the police, did the ICO respond to say the police had indeed committed a serious data breach - no sh*t Sherlock! - they just parroted back to me what I'd just sent them in the letter from the police - and then the ICO said that they weren't going to do anything further. The ICO say that they won't investigate issues - all they had to was read the evidence that was sent to them and they could not even be bothered to do that. It was not an issue of interpreting the law - it was clear that large amounts of data breaches had been concealed from me. Not following up with any action after the police admitted concealing the evidence of that data breach by hiding around 30 emails that should have been sent in a SAR was at least consistent behaviour from the ICO - they'd done nothing useful in the first place. The ICO is worse than useless in my experience - riddled with unaccountable incompetents, who can't even be bothered to read the clear evidence under their nose. In many ways their existence is worse than them not actually being there - they only serve to get in the way and mess things up, and clearly most of the people working there have a poor understanding of Data Protection Law, and they simply don't care about the truth. It's clear from the Trustpilot reviews and other reviews that there is a systemic failure with the ICO - and the same is true with the PHSO, who are supposed in look into complaints about the ICO - but then won't because they say that you can take the ICO to court to address any issues around the ICO. That's why the ICO say if you have serious complaints about them that you should complain to the PHSO. I don't think our politicians can care that these organisations are not fit for purpose - these bodies seem to work against the UK public who are they supposed to be working for.

Another totally useless Qango.
Why do they exist. When you advise them of a breach of your personal data they say you have to deal with the problem. All these organizations supposedly there to protect consumers are just set up , I presume by government to create the impression that there is some form of regulation when inn effect there is not.
My complaint was that I received a call from British Gas to whom I have not given any personal details and they had obtained my full name and personal mobile number and wanted to offer me a cheaper energy deal that turned out to be considerable more expensive than the daily charge and unit price than I pay but they claimed would cost me less than half of what I currently pay. Yes another energy company MIRICLE.
I think many consumers are conned into switching suppliers by these sort of tactics which end up costing more for us poor long suffering members of the public.

I object to my taxes propping up this paper tiger regulator. Everything you expect, you don't get. Everything you would imagine they would do- ensure your legal rights are upheld- they don't. I wanted two pieces of information from the NHS- after months of trying to get them they just ignored all correctly delivered SAR's. I referred to the regulator- 4 month wait for initial response. Didn't bother to understand the complaint and sent generic reminder to NHS. It was ignored, they sent another, then an urgent one. Nothing received. Now they are saying case closed- I can take the NHS to court to get my record if I want. Thanks for nothing! No wonder so many scandals emerge years after they could have done. Totally worthless regulator.

Rude unhelpful staff. Call handler was rude and arrogant. She did not let me explain my issue and just spoke over me. She had the cheek to say we are busy taking cases and it will take months so to go back to the organisation you are dealing with.
This service is unfit for purpose.

How the ICO is still operational, I have no idea.

Engaging with the ICO has been nothing short of frustrating and mindboggling in their inability to follow, or deliver on, their own policies and processes.

The organisation claims to hold itself to a high standard (it doesn't) with defined protocols, strict guidelines, and 'rigorous' processes that are supposedly there to protect 'you and me' against unscrupulous employers who flout subject access demands, underwritten by, you guessed it, the ICO.

However, anyone who has dealt with the ICO - if you've a spare 7 hours to read the 1* reviews below, (before you invest yourself emotionally after reading the dribble that the ICO purports to 'enforce') - will know, it's a waste of time. I'd seriously consider your own mental wellbeing before investing anytime in contacting the ICO, as the process goes on for months, and months, and months, before they tell you, after appeal, that they can't do anything. They don't even follow their own advice to employers - What is the actual point of the ICO?

Let's talk about their so-called 'processes' - these processes are nothing but empty words.

Disregard for their own protocols permeates every level of the organisation - Again I reference the hundreds of 1* reviews, testament to this - the ICO fundamentally does not prioritise - or even respect - its own standards.

The ICO preach about data protection and information rights, yet they are the very ones undermining these values.

The impact on your morale is severe; you are putting your trust and faith in an organisation that will ultimately, do nothing, absolutely nothing.

Save yourself the stress and worry of pursuing a process, and an organisation, that will fail you.

I reported my company for failing to respond properly to a SAR.
Also for incorrect (and unlawful) information stored by my company.
ICO response was woeful.
Regarding the incorrect information stored, ICO advice - ask them to remove it! Great, wish I'd thought of that before wasting the ICO's time, and they wasted mine. Very poor, but in this country, businesses and employers have 'the law' unconditionally on their side in the vast majority of cases. Citizens are merely trouble makers.