Information Commissioner’s Office Triennial Review 2014: call for evidence

Closed 16 Jan 2015

Opened 25 Nov 2014


As part of the UK government’s requirement to reform public bodies, all government departments must review their non departmental public bodies (NDPBs) at least once every 3 years. 

As with all triennial reviews, the review of the Information Commissioner’s Office (ICO) will examine whether there is a continuing need for its functions and whether the organisation should continue to operate in its current form, considering whether services could be provided more effectively and efficiently. 

If it is determined that there is a continuing need for the organisation in its current form, the review will assess whether the ICO’s control and governance arrangements continue to meet the recognised principles of good corporate governance. The review will also consider the organisation’s structure, efficiency and performance. 

Functions of the Information Commissioner’s Office

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights. From data protection and electronic communications to freedom of information and environmental regulations, the ICO exists to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO promotes good practice, assesses complaints, provides information to individuals and organisations and takes appropriate action when the law is broken.

The ICO is an independent NDPB sponsored by the Ministry of Justice but reports directly to the UK Parliament. The Information Commissioner’s main responsibilities and duties are contained within:

  • The Data Protection Act 1998 which gives citizens important rights including the right to know what information is held and the right to correct information that is wrong. The Act obliges organisations to manage the information they hold about individuals in a proper way;
  • The Freedom of Information Act 2000 which gives people a general right of access to information held by public authorities;
  • The Privacy and Electronic Communications Regulations 2003 which supports the Data Protection Act by regulating the use of electronic communications for unsolicited marketing to individuals and organisations;
  • The Environmental Information Regulations 2004 which give people the right to request environmental information from public authorities and require public authorities to make environmental information available proactively.  
  • The Infrastructure for Spatial Information in the European Community Regulations 2009 gives the Information Commissioner enforcement powers in relation to the pro-active provision by public authorities of spatial data, often referred to as geospatial data or geographic data.

This review will not include the Scottish Information Commissioner.

Why your views matter

To complete a full assessment of the ICO, we are inviting contributions from people and organisations that have an involvement with, or interest in, the ICO. The responses will be included in the body of evidence used by the review team when making its assessment.

What happens next

The Triennial Review will be carried out by Ministry of Justice officials with input from a Challenge Group at key stages and is expected to take four months.  Following Ministerial consideration and approval, the conclusions of the review will be announced in both Houses of Parliament and a copy of the final report will be published on GOV.UK.


  • Businesses
  • Citizens
  • Claims management services
  • Voluntary organisations
  • Local authorities
  • Charities
  • Government departments
  • Police
  • NHS data controllers
  • HSC data controllers
  • Private limited company
  • Public sector
  • VCSE/Charity/Mutual
  • Think tanks
  • Academics
  • UK policy institutions
  • EU policy institutions
  • Journalists


  • Public Bodies
  • Data protection
  • Triennial reviews
  • Information rights