The ICO Quartet
- an “In My View” article by NIGEL WARD, clarifying and expanding upon last weeks’ article regarding ICO data protection registration (or not, as the case seems to be).
In my article of Friday 8th February 2019, I pointed out that, according to the ICO website, Scarborough Borough Council appeared to have opted for a Tier 1 (£40) data protection registration when, as a public authority employing more than 250 people, surely a Tier 3 registration (£2,900) should have been declared and paid?
One switched-on reader has emailed me to point out that SBC’s Tier 1 registration referenced only the data protection service for the Council’s Electoral Register, and it may possibly be the case (may it not?) that SBC had registered the Council (body corporate) separately under Tier 3, in full compliance with the legal requirements. fair point.
The ICO website search facility does indeed disclose a second registration for SBC – but not for the Council (the body corporate). Remarkably, that second registration is in the name of Mr Tom FOX (would you believe?) – but the record shows that this second registration is also Tier 1. Hmmm. Is Mr Tom FOX Scarborough Borough Council? Possibly not.
[Source: ICO website search for ‘Scarborough Borough Council’]
However, there is no registration at Tier 1, Tier 2 or Tier 3 for Scarborough Borough Council (the body corporate). Someone appears to have been remiss.
Comparisons with our neighbouring electoral authorities shed some light.
To our south, East Riding of Yorkshire Council maintains two registrations – one under Tier 1 (for their Electoral Register) and a second, for the body corporate, under Tier 3, as required. Bravo!
[Source: ICO website search for ‘East Riding of Yorkshire Council’]
To our north, Redcar & Cleveland Borough Council maintains only a Tier 3 registration. This would suggest that the Council’s Electoral Register is unprotected by Tier 1 of the ICO data protection program. The personal data of over 100,000 electors is not covered by the program.
[Source: ICO website search for ‘Redcar & Cleveland Borough Council’]
As for Ryedale District Council, our immediate neighbour to the west, here again we find two registrations – Tier 1, in respect of its Electoral Register, quite correctly, and a second Tier 1 in respect of the Council itself. I struggle to believe that Ryedale District Council, a public authority, has less than ten employees – which is the limit for Tier 1.
[Source: ICO website search for ‘Ryedale District Council’]
So, according to the ICO website, of the quartet of electoral authorities in our immediate area, only East Riding of Yorkshire Council is presently in tune with the legal requirements.
One out of four is not acceptable. Three out of four have failed.
And three out of four Monitoring Officers have failed to pick it up. The ICO, too. This is not impressive.
If you or I operated four vehicles, only one of which was compliant with the legal requirements, we would be well advised to anticipate prosecution – and we would be unlikely to turn out to have been unnecessarily pessimistic.
Do you imagine that three out of four of our immediate area’s Councils will be prosecuted? We are, of course, all equal under the law.
[As a matter of interest, Craven District Council, Hambleton District Council, Harrogate Borough Council, Richmondshire District Council, Selby District Council, City of York Council and North Yorkshire County Council have all registered for data protection with the ICO in full compliance with legal requirement. Only Scarborough Borough Council, Ryedale District Council and Redcar & Cleveland Borough Council are presently in default.]