The Insolvency Service – Dismissed (United Kingdom, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The UK's Insolvency Service was challenged for how it handled a request for information about two companies. The Information Commissioner's Office found that confirming or denying the existence of more information would involve disclosing personal data. This case shows the complexity of handling data requests involving personal information.
What happened
The Insolvency Service was questioned for not fully disclosing information about two companies due to personal data concerns.
Who was affected
The complainant seeking information about the companies and the director involved.
What the authority found
The Information Commissioner's Office decided that confirming or denying additional information would itself disclose personal data, which is protected.
Why this matters
This case highlights the delicate balance between transparency and privacy, particularly when handling requests that involve personal data. Organizations should carefully consider how they respond to such requests to avoid unintended disclosures.
GDPR Articles Cited
National Law Articles
Entities Involved
The Insolvency Services received a request to provide all information regarding two companies it holds on record. The complainant believed that the Director of an insolvent company had set up a second company with a prohibited name and had requested information about both companies. Article 216 Insolvency Act prohibits the Director of an insolvent company to use the name of that company in the 12 months leading up to the liquidation. The Insolvency Service noted that the information it held was already public and that it could not disclose the remainder as it falls under the personal data of an individual (the Director). However, in its communication with the complainant, the Insolvency Services indirectly confirmed that it held more information, by mentioning that the legislation only prevented the directors of the insolvent company from being involved with another company using the same or similar name. The complainant challenged the way his request was handled by the Insolvency Service before the Information Commission Office. The Commissioner had to determine whether the Insolvency Service dealt appropriately with the request to the extent that it covered information not already in the public domain. But first, the Commissioner considered whether the Insolvency Service should have confirmed or denied holding further information within the scope of the request as providing the confirmation or denial involves the disclosure of personal data itself. Moreover, Commissioner considered as well whether the Insolvency Service would be disclosing information relating to the criminal convictions and offences of a third party by confirming or denying that it holds further information within the scope of the request. The Commissioner stated that the information, specifically the confirmation or denial about having more information, in the scope of the request, would fall within the definition of ‘personal data’ defined in section 3(2) DPA: “Any information relat
Outcome
Dismissed
The complaint or investigation was dismissed.
Related Enforcement Actions (0)
No other enforcement actions found for The Insolvency Service in UK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. The Insolvency Service - United Kingdom (2020). Retrieved from cookiefines.eu
Last updated: