Government and ICO agree memorandum of understanding in bid to shore-up data protection approach

Both parties signed the memorandum on Friday (9 January), and made joint agreements to work together to "ensure the public can see real benefits in sharing their data and trust that it will be protected”.

The document sets out a ‘shared vision’, which says: “The ICO supports the government’s ambition to use new technologies to transform public services, create a modern digital government and drive economic growth.

“Both parties believe that this transformation relies on the public having trust and confidence that their data is being used safely, for the public good and within the law.

“Both parties are therefore committed to continuous improvement in how we work together.”

The Government agreed to 17 commitments as part of the memorandum, including a pledge to publish an annual assurance statement on how people’s data is being kept safe and how new and proposed technologies and processes have been designed with trust and privacy in mind.

It also agreed to carry out regular assurance exercises within departments, and establish effective oversight through an accountable governance model reportable to the Transformation Board.

This will include department boards and risk and audit boards regularly monitoring department-wide data protection risks and tracking the progress of measures set out by the Government Chief Data Officer, the memorandum states.

Elsewhere in the document, the Government agreed to train civil servants on how to share data safely, protect personal data, and improve their information management.

The Government will also establish a “cross-government culture” of continuous learning around improving information security, to set a clear process for responding to a personal data breach and ensure that all civil servants follow this process.

The ICO meanwhile agreed to 11 pledges, including producing timely and relevant guidance, codes of practice, advice notes, opinions, and audits that support the Government and the public sector to use people’s data safely.

In addition, it has committed to "be transparent" with the public on holding an organisation to account for a breach, and share insights with the Government on any trends and potential risks that the ICO has seen in its work.

It also said it would provide independent advice in response to the Government raising a substantial risk.

The memorandum was first spoken about in October last year, when the Information Commissioner, John Edwards, announced that the ICO was working on a joint commitment with the Government.

Describing the purpose of the memorandum at the time, Edwards said the agreement would ensure that the Government’s plans to use new technologies to transform public services, create a modern digital government, and drive economic growth are implemented “with the appropriate safeguards in place”.

Commenting on the memorandum on Friday, an ICO spokesperson said the document "follows several serious, high-profile data breaches that undermined public trust in government, some of which also placed lives at risk".

It added: "We have been clear that government needs to do more and move faster to improve data security as part of wider data protection practices, and we welcomed the government’s commitments to the Chair of the Science, Innovation and Technology (SIT) Committee in 2025.

"This MOU formalises that action, setting clear expectations and a pathway for government to address concerns about its approach to data protection, rebuild trust with the public and improve transparency and accountability in how government departments treat and handle people’s personal information."

Adam Carey