Reading:
Ministry of Justice data protection issues: ICO Enforcement Action
Share:
data leak and data breach compensation

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Ministry of Justice data protection issues: ICO Enforcement Action

Due to a number of Ministry of Justice data protection issues, it has been reported that the UK data regulator, the ICO, has now published Enforcement Action against the MoJ.

In a recent publication from the ICO (the Information Commissioner’s Office), it was confirmed that the Ministry of Justice was in contravention of vital data protection legislation. The reason cited was due to their failure to provide, with “undue delay”, copies of information for a staggering 7,753 data subjects.

About the Ministry of Justice data protection problems

The ICO’s enforcement notice was issued on 12th January 2022 and outlines the legal framework and obligations that the MoJ is under. It also cited a previous Enforcement Notice that was issued on 21st December 2017 arising from the same issue of a large number of Subject Access Requests (SAR) that were reportedly delayed.

Whilst it is understood that obligations were then followed in accordance with the framework for the previous notice, the ICO was made aware of a backlog of SAR’s occurring again at the start of January 2019. However, due to the coronavirus pandemic, regulatory action was paused in 2020.

Between the end of 2020 and the end of 2021, correspondence between the ICO and the MoJ kept the regulator in the loop over the Ministry of Justice data protection issues and the backlog of Subject Access Requests it was facing.

About the Enforcement Action

The Ministry of Justice data protection issues have now resulted in the ICO taking the view that, as a result of undue delays, Enforcement Action must be issued in light of the distress that many people will be suffering from as a result of the delays. The MoJ is now being advised to take steps to rectify the situation, and the ICO has referenced in the report the power to fine those in breach of the GDPR up to £17,500,000, or 4% of total annual global turnover (whichever is the higher).

The terms of the Enforcement Action are that, by 31st December 2022, the MoJ must have:

“informed the 7,753 data subjects referred to at paragraph 22, who have made a subject access request, whether or not the controller is processing personal data concerning that data subject, and if so provide that data subject with a copy of their data, subject only to the proper application of any exemption from, or restriction or adaptation of, the right of subject access provided for in or by virtue of the EU or UK GDPR or DPA”

and:

“carry out such changes to its internal systems, procedures and policies as are necessary to ensure that future subject access requests received by the controller, in respect of it, are identified and complied with in accordance with Article 15 of the UK GDPR, subject only to the proper application of any exemption from, or restriction or adaptation of, the right of subject access provided for in or by virtue of the UK GDPR or DPA.”

Source: ICO.

What can people do about data injustice?

Anyone facing Ministry of Justice data protection problems that has directly resulted in distress caused by their actions could be eligible to claim data breach compensation if a breach has occurred.

Whilst the ICO is there to manage and enforce the regulatory matters, they are not there to issue compensation to victims who suffer distress. However, the GDPR can entitle victims of a data breach to claim compensation, and that is what we do as leading privacy claims lawyers. For eligible claimants, we are also able to offer No Win, No Fee legal representation.

Please do not hesitate to contact the team for free, no-obligation advice should you need to do so here now.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon