The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Science, Innovation and Technology.

The UK government said he would "go beyond the regulator's traditional role" and that the job would now be "balanced" between protecting rights and promoting "innovation and economic growth".

Denham has also overseen the conclusion of the ICO's investigation into charities' fundraising activities and a series of fines for companies behind nuisance marketing.

During his time as Information Commissioner, Christopher Graham was noted for gaining new powers to issue monetary penalties to those who breach the Data Protection Act 1998.

He has also welcomed new powers to issue monetary penalties under the Privacy and Electronic Communications Regulations, as well as raising concerns over harm and distress caused by nuisance call to the public.

Following the UK's departure from the EU on 31 January 2020, the GDPR continues to be part of British domestic law by virtue of section 3 of the European Union (Withdrawal) Act 2018.

[19] This made it easier for the ICO to "take enforcement action against more organisations breaching the Privacy and Electronic Communications Regulations (PECR)".

[20] In October 2018 the ICO fined two companies a total of £250,000 that made nearly 1.73 million direct marketing phone calls to people registered with the Telephone Preference Service (TPS).

[21] In December 2018, the Commissioner welcomed the new law that means the ICO can now hold company bosses directly responsible and has the power to fine them personally for breaches of the Privacy and Electronic Communications Regulations (PECR).

[24] In 2002, under 'Operation Motorman', the ICO under Richard Thomas raided various newspaper and private investigators' offices, looking for details of personal information kept on unregistered computer databases.

The ICO action followed a 28 June 2008 article about alleged blacklisting in the construction industry, by journalist Phil Chamberlain, published in The Guardian.

[28] In 2013, the Information Commissioner's Office fined Sony Computer Entertainment Europe Ltd. £250,000, when many PlayStation systems were hacked and the names, addresses, phone numbers and card details of users were stolen.

[30] On 23 March 2018, the ICO searched the London headquarters of Cambridge Analytica amid reports that the firm harvested the personal data of millions of Facebook users as part of a campaign to influence the U.S. 2016 presidential elections.

A series of avoidable data security flaws allowed the personal details of around 2.7 million British customers to be accessed and downloaded by attackers from a cloud-based storage system operated by Uber's US parent company.

[33] In February 2019, the ICO launched an investigation of the video-sharing platform and mobile application TikTok, following the fine its parent company ByteDance received from the United States' Federal Trade Commission, for collecting information from minors under the age of 13 in violation of the country's Children's Online Privacy Protection Act.

As a result, the attacker compromised 283 systems and 16 accounts, uninstalled the company's anti-virus solution, and encrypted the personal data of current and former employees.