In November 2022, the Information Commissioner committed to publish all reprimands from 2022 onwards unless there is a good reason not to.
We assess every reprimand on its own merit when deciding whether or not to publish it, in line with our policy on communicating our regulatory activities. That includes considering representations from organisations and redaction of confidential, personally sensitive, and commercially sensitive information.
On this occasion, we considered it was not in the public interest to name the organisation in the reprimand due to delays in the case, as well as the regulatory pause for Covid-19.
We have chosen to still publish this reprimand, as organisations can learn where other organisations failed to comply with data protection law and identify what they need to do if they find themselves in a similar scenario.