The ICO carries out audits to provide larger organisations with an assessment of whether they are following good data protection practice. Sometimes, and with the consent of the public authority, these audits also look at the way organisations handle requests for information under the Freedom of Information Act. The audits look at whether an organisation has effective policies and procedures in place and whether they are being followed and includes recommendations from the ICO on how to improve.
We believe that audits play a key role in assisting organisations in understanding and meeting their personal data protection obligations. The ICO sees auditing as a constructive process with real benefits for data controllers. We adopt, wherever possible, a participative approach including working closely with the data controller to agree the timing and scope of the audit.
Details of the consensual audits conducted by the ICO are below. These include an executive summary of the audit, where the organisation has given consent. We will keep this information on our website for one year.
18 May 2012
The ICO has carried out a follow up data protection audit of the Portsmouth City Council with its consent.
Read the Executive Summary of the Portsmouth City Council follow up audit report
The ICO has carried out a follow up data protection audit of the Highways Agency with its consent.
Read the Executive Summary of the Highways Agency follow up audit report
The ICO has carried out a data protection audit of Knowsley Metropolitan Borough Council with its consent.
Read the Executive Summary of Knowsley Metropolitan Borough Council follow up audit report
30 April 2012
The ICO has carried out a data protection audit of BT Retail with its consent.
Read the Executive Summary of the BT Retail audit report
The ICO has carried out a data protection audit of Provident Insurance PLC with its consent.
Read the Executive Summary of the Provident Insurance PLC audit report
20 April 2012
The ICO has carried out a data protection audit of MOD (DBS, CIV HR) with its consent.
Read the Executive Summary of the MOD (DBS, CIV HR) audit report
10 April 2012
The ICO has carried out a data protection audit of NHS Grampian with its consent.
Read the Executive Summary of the NHS Grampian audit report
The ICO has carried out a follow up data protection audit of NHS Ayrshire & Arran with its consent.
Read the Executive Summary of the NHS Ayrshire & Arran follow up audit report
The ICO has carried out a follow up data protection audit of Regal Credit with its consent.
Read the Executive Summary of the Regal Credit follow up audit report
28 March 2012
The ICO has carried out a data protection audit of the North Lanarkshire Council with its consent.
Read the executive summary of the North Lanarkshire Council audit report
The ICO has carried out a data protection audit of the Haringey Council with its consent.
Read the executive summary of the Haringey Council audit report
23 March 2012
The ICO has carried out a follow up data protection audit of Buckinghamshire County Council with its consent.
Read the executive summary of the Buckinghamshire County Council follow up audit report
The ICO has carried out a data protection audit of Somerset County Council with its consent.
Read the executive summary of the Somerset County Council audit report
16 March 2012
The ICO has carried out a data protection audit of the Royal Liverpool and Broadgreen University Hospitals NHS Trust with its consent.
Read the executive summary of the Royal Liverpool and Broadgreen University Hospitals NHS Trust audit report
The ICO has carried out a follow up data protection audit of The Royal Society with its consent. The Royal Society has asked us not to publish the executive summary of the follow up audit report.
The ICO has carried out a data protection audit of Newcastle Building Society with its consent. Newcastle Building Society has asked us not to publish the executive summary of the audit report.
The ICO has carried out a follow up data protection audit of Wigan Metropolitan Borough Council with its consent.
Read the executive summary of the Wigan Metropolitan Borough Council follow up audit report
7 March 2012
The ICO has carried out a data protection audit of the BSkyB with its consent.
Read the executive summary of the BSkyB audit report
28 February 2012
The ICO has carried out a data protection audit of the Skipton Building Society with its consent.
Read the executive summary of the Skipton Building Society audit report
The ICO has carried out a data protection audit of the Wycombe District Council with its consent.
Read the executive summary of the Wycombe District Council audit report
The ICO has carried out a follow up data protection audit of Hidden Hearing with its consent. Hidden Hearing has asked us not to publish the executive summary of the follow up audit report.
17 February
The ICO has carried out a data protection audit of the Brighton and Hove City Council with its consent.
Read the executive summary of the Brighton and Hove City Council audit report
The ICO has carried out a follow up data protection audit of Ministry of Justice with its consent.
Read the executive summary of the Ministry of Justice follow up audit report
14 February 2012
The ICO has carried out a data protection audit of the Coventry Building Society with its consent.
Read the executive summary of the Coventry Building Society audit report
The ICO has carried out a follow up data protection audit of North West London Hospitals NHS Trust with its consent.
Read the executive summary of North West London Hospitals NHS Trust follow up audit report
3 February 2012
The ICO has carried out a data protection audit of Eastbourne Borough Council with its consent.
Read the executive summary of the Eastbourne Borough Council audit report
The ICO has carried out a follow up data protection audit of NHS 24 with its consent.
Read the executive summary of NHS 24 follow up audit report
20 January 2012
The ICO has carried out a follow up data protection audit of Department of Finance and Personnel (Northern Ireland) with its consent.
Read the executive summary of Department of Finance and Personnel (Northern Ireland) follow up audit report
13 January 2012
The ICO has carried out a data protection audit of the Foreign and Commonwealth Office with its consent.
Read the executive summary of the Foreign and Commonwealth Office audit report
9 January 2012
The ICO has carried out a data protection audit of the Insolvency Service with its consent.
Read the executive summary of the Insolvency Service audit report
6 January 2012
The ICO has carried out a data protection audit of Wolverhampton City Council with its consent.
Read the executive summary of the Wolverhampton City Council audit report
The ICO has carried out a data protection audit of HMRC with its consent.
Read the executive summary of the HMRC audit report
The ICO has carried out a follow up data protection audit of Kirklees Neighbourhood Housing Ltd with its consent.
Read the executive summary of the Kirklees Neighbourhood Housing Ltd follow up audit report
20 December 2011
The ICO has carried out a data protection audit of Cambridge University Hospitals NHS Foundation Trust with its consent.
Read the executive summary of the Cambridge University Hospitals NHS Foundation Trust audit report
The ICO has carried out a data protection audit of American Express Services Europe Ltd with its consent.
American Express Services Europe Ltd has asked us not to publish the executive summary of the audit report.
15 December 2011
The ICO has carried out a follow up data protection audit of NHS Greater Glasgow and Clyde with its consent.
Read the executive summary of NHS Greater Glasgow and Clyde follow up audit report
2 December 2011
The ICO has carried out a data protection audit of Birmingham City Council with its consent.
Read the executive summary of the Birmingham City Council audit report
The ICO has carried out a follow up data protection audit of Cornwall Council with its consent.
Read the executive summary of Cornwall Council follow up audit report
The ICO has carried out a data protection audit of Department for Education with its consent.
Read the executive summary of the Department for Education audit report
18 November 2011
The ICO has carried out a follow up data protection audit of UK Border Agency with its consent.
Read the executive summary of the UK Border Agency follow up audit report
16 November 2011
The ICO has carried out a follow up data protection audit of NHS Birmingham East and North Primary Care Trust with its consent.
Read the executive summary of the NHS Birmingham East & North Primary Care Trust follow up audit report
10 November 2011
The ICO has carried out a data protection audit of the Criminal Records Bureau with its consent.
Read the executive summary of the Criminal Records Bureau audit report
The ICO has carried out a data protection audit of Turning Point with its consent.
Read the executive summary of the Turning Point audit report
7 November 2011
The ICO has carried out a follow up data protection audit of Gravesham Borough Council with its consent.
Read the executive summary of Gravesham Borough Council follow up audit report
3 November 2011
The ICO has carried out a data protection audit of Regal Credit Consultants Limited with its consent.
Read the executive summary of the Regal Credit Consultants Limited audit report
2 November 2011
The ICO has carried out a data protection audit of Companies House with its consent.
Read the executive summary of the Companies House audit report
24 October 2011
The ICO has carried out a data protection audit of Arrow Global Ltd with its consent.
Arrow Global Ltd has asked us not to publish the executive summary of the audit report.
The ICO has carried out a data protection audit of Wales Probation Trust with its consent.
Read the executive summary of the Wales Probation Trust audit report
Read the Welsh version of the executive summary of the Wales Probation Trust audit report
20 October 2011
The ICO has carried out a data protection audit of Northern Rock PLC with its consent.
Read the executive summary of the Northern Rock PLC audit report
The ICO has carried out a follow up data protection audit of Northern Devon Healthcare NHS Trust with its consent.
Read the executive summary of Northern Devon Healthcare NHS Trust follow up audit report
6 October 2011
The ICO has carried out a data protection audit of Burnley Borough Council with its consent.
Read the executive summary of the Burnley Borough Council audit report
5 October 2011
The ICO has carried out a data protection audit of Papworth Hospital with its consent.
Read the executive summary of the Papworth Hospital audit report
22 September 2011
The ICO has carried out a follow up data protection audit of Aneurin Bevan Health Board with its consent.
Read the executive summary of the Aneurin Bevan Health Board follow up audit report
20 September 2011
The ICO has carried out a data protection audit of the Soldiers, Sailors, Airmen and Families Association (SSAFA) with its consent.
Read the executive summary of the SSAFA audit report
12 September 2011
The ICO has carried out a data protection audit of Crown Prosecution Service with its consent.
Read the executive summary of the Crown Prosecution Service audit report
The ICO has carried out a data protection audit of Lancashire Police with its consent.
Read the executive summary of the Lancashire Police audit report
6 September 2011
The ICO has carried out a follow up data protection audit of Trafford Housing with its consent. Trafford Housing has asked us not to publish the executive summary of the follow up audit report.
30 August 2011
The ICO has carried out a data protection audit of the Metropolitan Police Service with its consent.
Read the executive summary of the Metropolitan Police Service audit report
25 August 2011
The ICO has carried out a data protection audit of Nationwide Building Society with its consent.
Read the executive summary of the Nationwide Building Society audit report
16 August 2011
The ICO has carried out a data protection audit of Google Inc with its consent.
Read the executive summary of the Google audit report
Google has produced a response to the report.
29 July 2011
The ICO has carried out a data protection audit of the Highways Agency with its consent.
Read the executive summary of the Highways Agency audit report
13 July 2011
The ICO has carried out a data protection audit of GE Money Home Lending with its consent.
Read the executive summary of GE Money Home Lending audit report
8 July 2011
The ICO has carried out a data protection audit of Portsmouth City Council with its consent.
Read the executive summary of Portsmouth City Council audit report
5 July 2011
The ICO has carried out a follow up data protection audit of The Law Society with its consent.
Read the executive summary of The Law Society follow up audit report
17 June 2011
The ICO has carried out a data protection audit of North West London Hospitals NHS Trust with its consent.
Read the executive summary of North West London Hospitals NHS Trust audit report
The ICO has carried out a follow up data protection audit of Ministry of Defence (MoD) with its consent.
Read the executive summary of the MOD follow up audit report
3 June 2011
The ICO has carried out a data protection audit of NHS Ayrshire and Arran with its consent.
Read the executive summary of NHS Ayrshire and Arran audit report
18 May 2011
The ICO has carried out a data protection audit of the Royal Society with its consent.
Read the executive summary of the Royal Society audit report
6 May 2011
The ICO has carried out a follow up data protection audit of DEFRA with its consent.
Read the executive summary of the DEFRA follow up audit report
4 May 2011
The ICO has carried out a data protection audit of Kirklees Neighbourhood Housing with its consent.
Read the executive summary of the Kirklees Neighbouhood Housing audit report
21 April 2011
The ICO has carried out a data protection audit of the Department of Finance and Personnel (DFPNI) with its consent.
Read the executive summary of the DFPNI audit report
15 April 2011
The ICO has carried out a data protection audit of Newcastle City Council with its consent.
Read the executive summary of the Newcastle City Council audit report
21 March 2011
The ICO has carried out a data protection audit of Aneurin Bevan Health Board with its consent.
Read the executive summary of the Aneurin Bevan Health Board audit report
18 March 2011
The ICO has carried out a data protection audit of NHS Birmingham East and North Primary Care Trust with its consent.
Read the executive summary of the NHS Birmingham East and North Primary Care Trust audit report
18 February 2011
The ICO has carried out a data protection audit of Buckinghamshire County Council with its consent.
Read the executive summary of the audit report
The ICO has carried out a data protection audit of Wigan Metropolitan Borough Council with its consent.
Read the executive summary of the audit report
16 February 2011
The ICO has carried out a data protection audit of the Ministry of Justice with its consent.
Read the executive summary of the audit report
11 February 2011
The ICO has carried out a data protection audit of Gravesham Borough Council with its consent.
Read the executive summary of the audit report
4 February 2011
The ICO has carried out a data protection audit of NHS Greater Glasgow and Clyde with its consent.
Read the executive summary of the audit report