How does the ICO handle requests for information relating to BCRs under the Freedom of Information Act 2000?
As the concept of BCR is relatively new, there has been a great deal of interest in the applications we have already dealt with from other companies and their advisers who are interested in putting together an application. As a result, we have received a number of freedom of information requests for copies of documents. Organisations seeking authorisation for their BCRs will be treated in the same way as any other data controller seeking compliance advice from the ICO. This means that we cannot disclose the fact that an organisation has approached us with an application without its consent or unless the information has been put into the public domain. Once an authorisation is made, however, this is a matter of public record. Applicants are notified accordingly and authorisations are put on the ICO website. Some organisations put some of the content of their BCRs into the public domain via their websites (for example, the privacy policy or data protection code) and this obviously helps
