ICO faces ridicule over £1m 'bigger picture' contract

The Information Commissioner’s Office is facing mass ridicule after signing a potential £1m deal for a specialist consultancy to advise the regulator on how best to adopt “a systems-thinking approach” which involves trying to see the “bigger picture” of its operations.

The agreement, with London-based management consultant RedQuadrant, is due to last for an initial term of about 22 months, according to a newly published contract notice. It can be extended for a further term of two years, up to the end of October 2029 and will be worth around £250,000 a year, with a total potential spend of £1m.

The move will see the ICO – which is poised to change its structure to mirror that of other UK regulators, with a chair, chief executive and a board – receive guidance on how best to sort out its internal processes.

According to the official blurb, “systems thinking is a holistic approach to problem-solving that focuses on understanding how interconnected parts of an organisation influence each other and the whole, rather than viewing issues in isolation; it helps leaders see the ‘big picture’, anticipate unintended consequences, and design more sustainable, effective solutions by mapping relationships, feedback loops, and the overall system behaviour”.

The contract notice, which includes classic business gobbledegook, states the consultancy will “support the ICO to make some fundamental changes to how we think about, design and action our work. ICO want to ensure effective delivery against our purpose, using the right information to take the right actions in the right way and to ensure this, the ICO wants to apply a systems thinking approach”.

But the appointment has sparked both disbelief and widespread mockery on LinkedIn from data protection experts.

The former head of ICO regions Ken McDonald wrote: “I’m sure this £1m investment in a systems thinking approach will be a welcome boost to the morale of those staff struggling to meet performance targets and also to those who have been in temporary/interim posts for many, many months because of lack of funding.”

Data governance and data protection consultants have also waded in. Rob Horne stated: “Checked the calendar, it’s not 1st April. Hmm…” and Dan Snowden commented: “If there’s one thing the ICO likes to throw money at, it’s third party consultancy. As usual, it’s unlikely they’ve checked if they already have this skillset among the existing workforce.”

Meanwhile, Robert Weston added: “This beggars belief. Do the ridiculously large number of executive employees not have the requisite expertise to run the place? If not, why on earth were they hired and what exactly is it that they do?” and Sam Butler concluded: “ICO spends public money to be shown how to use the rod it made for its own back.”

The move comes amid a growing backlash against what many perceive to be the ICO’s failure to enforce data protection regulations.

Just last week, the regulator, led by commisioner John Edwards, was heavily criticised for failing to come down hard on the Post Office after it emerged that the top brass had changed their mind over a £1m fine for a major data breach. The incident resulted in the personal information of hundreds of postmasters involved in the Horizon IT scandal being leaked online.

The document contained the names, home addresses and postmaster status of 502 people who were part of a group litigation against the organisation, dramatised in the award-winning ITV show Mr Bates vs The Post Office. The ICO admitted it initially considered imposing a fine of up to £1.094m but then downgraded the action to a reprimand, viewed by many as just a “slap on the wrist”.

The controversial decision came just days after a coalition of more than 70 civil liberty groups, academics and legal experts joined forces to demand MPs launch a major investigation into a “collapse in enforcement activity” at the regulator.