
ICO and FCA sign updated MOU

22 February 2019

THE INFORMATION COMMISSIONER'S OFFICE (ICO) and the Financial Conduct Authority (FCA) have signed an updated Memorandum of Understanding.

The FCA regulates financial firms providing services to consumers and maintains the integrity of the financial markets in the United Kingdom.

The new memorandum sets out the terms of the two regulators' future working relationship in areas of mutual regulatory interest. It establishes a framework for cooperation, coordination and information sharing between the ICO and FCA. The Commissioner is empowered to take a range of regulatory action for breaches of the following legislation:

  • Data Protection Act 2018 (DPA);
  • General Data Protection Regulation (GDPR);
  • Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR);
  • Freedom of Information Act 2000 (FOIA);
  • Environmental Information Regulations 2004 (EIR);
  • Environmental Protection Public Sector Information Regulations 2009 (INSPIRE Regulations);
  • Investigatory Powers Act 2016;
  • Re-use of Public Sector Information Regulations 2015;
  • Enterprise Act 2002;
  • Security of Network and Information Systems Directive (NIS Directive); and
  • Electronic Identification, Authentication and Trust Services Regulation (eIDAS).

The Commissioner’s regulatory and enforcement powers include:

  • conducting assessments of compliance with the DPA, GDPR, PECR, eIDAS, the NIS Directive, FOIA and EIR;
  • issuing information notices requiring individuals, controllers or processors to provide information in relation to an investigation;
  • issuing enforcement notices, warnings, reprimands, practice recommendations and other orders requiring specific actions by an individual or organisation to resolve breaches (including potential breaches) of data protection legislation and other information rights obligations;
  • administering fines by way of penalty notices in the circumstances set out in section 152 of the DPA;
  • administering fixed penalties for failing to meet specific obligations (such as failing to pay the relevant fee to the Commissioner);
  • issuing decision notices detailing the outcome of an investigation under FOIA or EIR;
  • certifying contempt of court should an authority fail to comply with an information notice, decision notice or enforcement notice under FOIA or EIR; and
  • prosecuting criminal offences before the Courts.