The UK data protection watchdog, the Information Commissioner’s Office (ICO), has published its long-awaited guidance on the factors it will take into account when considering whether to initiate enforcement action for data protection breaches and what form any such action should take. Its Data Protection Regulatory Action Policy, comes in the wake of yet another serious data breach by a local authority, this time involving the leaking online of sensitive information relating to the care of vulnerable children. The local authority in question received a fine of £100,000 from the ICO for this breach. The ICO’s Policy should assist organisations with understanding the enforcement process and the risks of non-compliance with the UK Data Protection Act 1998. See further comment and insight by Reed Smith Privacy and Data Protection Partner, Cynthia O’Donoghue on our sister blog, Global Regulatory Enforcement Law, here.