Reflections from the ICO comms and public affairs team

As we wind down for 2023, I’ve been reflecting on the Information Commissioner's Office year in comms and engagement.

The headline stats are of course impressive.

We’ve had 5 million website visitors from 229 countries; 5,500 news stories and social posts, including nearly 800 national news articles; and we’ve responded to 26,223 tweets and comments.

But our mission goes deeper than those stats.

We wanted to make data protection more accessible, engaging and understood.

  ❌ Boring paperwork and processes?

  ❌ Legal jargon?

  ❌ Something that doesn’t affect you?

All wrong!

This year the team have made a concerted effort to show why the work we do at the ICO matters and is relevant to every single one of us. It underpins nearly all our interactions every single day. ✔

I’m incredibly proud of the brilliant and hardworking Comms and Public Affairs team for delivering some amazing moments. There are too many share but here are some of the highlights:

1) Reaching new outlets for our work

In April, we issued TikTok with a £12.7m fine for failing to properly protect under-13s. Unsurprisingly, this landed headlines across the world, but one we were particularly proud of was BBC's Newsround. Not a media outlet that routinely covers data protection, a direct route to one of our target audiences: children and young people. Educating the data protection leaders and tech developers of the future.

2) Delivering a tailored service for our core audience

Our monthly newsletter goes to more than 28,600 subscribers and they are dedicated bunch. We used the newsletter to target messages that spoke directly to our engaged audience and connected them to our flagship event for data protection officers – the annual DPPC. Our in-house delivered DPPC in October was a roaring success with over 5,000 delegates attending the event, twice as many as 2022! Almost a third of all DPPC attendees came directly from the newsletter.  

3) Using creative content to make our work more engaging and relatable 

Whether that’s jumping on cultural phenomenon like the David Beckham documentary, Barbie, Eurovision or Star Wars Day and giving it a data protection twist or looking out for moments in the media like responding to Martin Lewis to highlight our nuisance calls guidance, the team’s creativity and agility has helped grow our reach. A particularly great use of visuals was the advice for video game designers and developers. We looked at our Corporate ID and worked out how we could still maintain our brand identity, while coming up with ideas for transforming some of the core parts of data protection law into animations of your favourite retro 8-bitgames. As we set out a clearly defined audience for this campaign, we were able to lean into imagery that we knew would resonate and work with this group.  

4) Turning tech stories into tabloid news

While we're fortunate to enjoy strong relationships with many broadsheets, we get proportionately less coverage in tabloids - but these are just as important for reaching people who are affected by the work we regulate. With our June report, ICO tech futures: Neurotechnology, we targeted the Daily Star.

5) Speaking directly to the public

In July, our deputy chief executive Paul Arnold took part in a live phone-in on the BBC's flagship radio consumer affairs show You and Yours. Live Q&As can be tricky, but by making ourselves accessible and responsive to listeners, we were able to show that we are an empathetic regulator, listening to concerns and signposting to help, support and guidance available. The show led to a 38% per cent increase in visits to our website week on week.

6) Seizing the moment to talk about what we do

In August, a high profile data breach at the Police Service of Northern Ireland (PSNI) put the human impact of our work firmly in the spotlight. We received dozens of press enquiries asking if we were investigating. We are usually limited in what we can say in these circumstances, but John Edwards, the Information Commissioner, proactively took to the airwaves to provide more context to these damaging data breaches. While we couldn’t comment on the specifics of this case, we could use the moment to explain in a very real and meaningful way why having robust measures in place to protect personal information, especially in a sensitive environment, is important. We could also explain how we are there to help.

7) Practicing openness and transparency by sharing findings of our work to provide reassurance to vulnerable groups

We published a blog with our findings looking into whether Tracing Agents - investigators using various methods to find a person’s current address details - were sharing personal information that could put the lives of women in vulnerable situations, such as domestic abuse victims, at risk. The blog provided clarity on how to safeguard and empower people by sharing best-practice advice with tracing agents and signposting abuse survivors to relevant resources. Our blog had an average dwell time of over 5 mins (well ahead of the 1m average) and over 16,000 impressions from amplification by Women’s Aid and Refuge who welcomed the support from the ICO.