Data protection

24 June 2010

Ofcom ('the Office of Communications') is a Data Controller under the Data Protection Act 1998 ('the Act'). The information on this page confirms Ofcom's commitment to protect your privacy and to process your personal information in a manner which meets the requirements of the Act. You can also find out how to request the information we hold about you.

Accessing your personal information

You can ask for a copy of your personal information (for which we charge a £10 fee), and to have any inaccuracies in your information corrected. 

Request form PDF, 58.8 KB

Request form RTF, 1.7 MB

Request form - Law enforcement agencies PDF, 45.1 KB

Request form - Law enforcement agencies RTF, 1.7 MB

Request form - Law enforcement agencies (Marine division) PDF, 49.0 KB

Request form - Law enforcement agencies (Marine division) RTF, 1.7 MB

Complaints about how we process your personal information

Complaints should be addressed to: The Secretary to the Corporation, Ofcom, Riverside House, 2a Southwark Bridge Road, London SE1 9HA. Fax: 020 7783 4033. Email:

What information we collect

The information we collect may include:

  • Name and job title
  • Contact information
  • Age, disability status, ethnicity, gender and nationality
  • Occupation and company details
  • Other information relevant to:
    • Furthering the interests of citizens in relation to communications matters;
    • Furthering the interests of consumers in relevant markets;
    • Promoting competition; and
    • Other statutory functions.
  • Other information relevant to our HR function

How we use the information

Ofcom may use this information for the following reasons:

  • To carry out our statutory functions
  • Licensing and registration
  • Complaints and dispute handling
  • Investigations
  • Research
  • Improve our services
  • Send information to you which we think may be of interest to you
  • Staff administration, including HR functions
  • To pass your details to accountants, consultants and other professionals for the purpose of obtaining professional advice and complying with Ofcom's contractual obligations
  • To comply with our legal and regulatory obligations

Retention of personal information

We will not keep your personal information for longer than is necessary for our purposes.

We may monitor or record any communication between you and Ofcom for quality control and training purposes.

Ofcom has appropriate technical and organisational measures in place to prevent the unauthorised or unlawful processing of your personal information, and accidental loss or destruction of, or damage to, your personal information.

Like most websites, we use cookies to improve the quality of the website and your experience of it. Our cookie statement explains more.

Our website contains links to other sites, mainly those of government departments, but also to those of third parties. Ofcom is not responsible for the data protection and privacy practices within any of these other sites. We encourage you to be aware of this when you leave our site and to read the data protection and privacy statements on other websites you visit which collect personally identifiable information. This statement applies solely to our website.

If you have any questions about this statement, please contact: Information Requests Ofcom Riverside House 2a Southwark Bridge Road London SE1 9HA Fax: 020 7981 3333 Email: This statement may change from time to time. You should therefore review it regularly.

In order to respect your privacy, we process your personal data in accordance with the data protection principles, namely:,

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Published by the Information Commissioner's Office May 2006


The Office of Communications ("Ofcom") and the Information Commissioner's Office ("ICO") agree that it would be helpful to adopt a Letter of Understanding ("Letter") to set out a basis for future collaboration between Ofcom and ICO in areas where we may share a common enforcement responsibility. The purpose of this Letter is to enable both organisations to use our resources most effectively, strengthen mutual cooperation and adopt recognised good regulatory practice. At present, the areas where we share enforcement responsibility are primarily those covered by the Privacy and Electronic Communications (EC Directive) Regulations 2003 (the "Regulations"), which include the use of automated calling systems, the transmission of recorded messages that contain direct marketing material, and compliance with the Telephone Preference Service and other similar services(-1-). The commitments in this Letter are not intended to be binding, but serve to signal those actions we intend to take to improve cooperation between us. Ofcom and ICO acknowledge that both organisations have statutory duties to disclose, and not to disclose, information under certain circumstances (including under the Data Protection Act 1998) and that if there is a conflict between those obligations and commitments made in this Letter, the agency shall comply with its statutory obligations.

Enforcement powers

Ofcom and ICO have discrete and concurrent powers to enforce in these areas:

  • ICO has primary responsibility for enforcing the Regulations using the discrete powers conferred on it under Part V and Schedules 6 and 9 of the Data Protection Act 1998.
  • Additionally, Ofcom and ICO share concurrent powers as designated enforcers of the Regulations under Part 8 of the Enterprise Act 2002(-2-).
  • Ofcom in turn has discrete enforcement powers in relation to persistent misuse of an electronic communications network or service under sections 128 to 130 of the Communications Act 2003. Ofcom can take action under these provisions where Ofcom has reasonable grounds for believing that a person has persistently misused an electronic communications network or service in any way that causes, or is likely to cause, unnecessary annoyance, inconvenience or anxiety to consumers.

Powers under the Enterprise Act allow enforcement action to be exercised retrospectively, to prevent the repetition of the non-compliant behaviour after it has ceased, although these powers may only be exercised through the courts. Ofcom's powers in relation to persistent misuse enable Ofcom to take action to bring persistent misuse to an end, remedy the consequences of persistent misuse and to impose a financial penalty on the persistent misuser, up to a maximum set by the Secretary of State (currently £50,000).

Principles informing which regulator takes action

Ofcom and ICO will decide which organisation is best placed to investigate issues of suspected non-compliance applying the following non-exhaustive principles:

  • Efficiency: Enforcement needs to be quick and effective and should send out a signal that we consider certain behaviour to be unacceptable;
  • Cooperation: We need to work together closely and act in a joined-up way, to ensure that stakeholders have sufficient clarity as to our respective roles in this area;
  • Proportionality: Enforcement needs to be proportionate to the risk.
  • Expertise: There are areas where Ofcom or ICO will have specialist experience and might generally be expected to take the lead. For example, ICO may lead if issues of privacy are critical to an investigation, and Ofcom may lead if an investigation would benefit from technical knowledge of the communications sector;
  • Clarity: In deciding whether Ofcom or ICO is best placed to investigate, we will consider whether the issue raises a particularly novel question (for example, the meaning of a definition in the Regulations or the need to clarify whether a particular practice is permissible or not) which could have bearing on the legal instrument adopted; and
  • Resources: In deciding whether it is appropriate for Ofcom or ICO to investigate, we will take into account the resources available to our respective organisations at any particular time.


Bearing in mind the importance of transparency in decision-making:

  • Ofcom and ICO will consult each other when deciding whether to make public statements regarding the opening or conduct of an investigation (other than statements made under existing procedures (for example, through Ofcom's Competition Bulletin).
  • Ofcom and ICO will publish this Letter on their websites.

Information-sharing and taking enforcement decisions

Given that effective enforcement benefits from effective information-sharing:

  • Ofcom and ICO agree to provide each other with quarterly updates about current enforcement investigations and to meet at quarterly intervals to discuss those updates and enforcement activity in general. In so doing, Ofcom and ICO will seek to keep each other informed about suspected non-compliant behaviour that is causing concern, the rationale for taking or not taking enforcement action in a particular case and the progress of enforcement actions that have been undertaken. The relevant points of contact are the Director of Investigations at Ofcom and the Head of the Regulatory Action Division at ICO; and
  • If Ofcom or ICO is considering investigating suspected non-compliance which could potentially be investigated by either the Ofcom or ICO, we will inform the other body and reach a decision on who is best placed to investigate within a period of 15 days of notification.


Ofcom and ICO intend to review the arrangements set out in this Letter at appropriate intervals, with a view to improving cooperation and identifying further areas where coordinated action could further the interests of UK citizens and consumers.


1.- The Telephone Preference Service ("TPS") enables consumers to nominate that they do not wish to receive unsolicited marketing calls. For details on the TPS and other similar services, see
2.- A "designated enforcer" is a person who has been so designated by the Secretary of State under section 213 of the Enterprise Act.