The UK ICO and UK National Crime Agency Sign Cyber Security Memorandum
Time 2 Minute Read
Categories: International, Cybersecurity, Enforcement

On September 10, 2024, the UK Information Commissioner’s Office (the “ICO”) announced that it signed a memorandum of understanding with the UK National Crime Agency (the “NCA”) related to cyber resilience. The memorandum sets out broad principles of collaboration, and the legal framework regarding the sharing of relevant information and intelligence, between the organizations. 

Specifically, the memorandum explains how the ICO and the NCA will work together in areas such as influencing improvements in cybersecurity of regulated organizations, information sharing regarding cyber threats and incidents (including on an anonymized basis and, where appropriate, regarding organizations which have suffered a cyberattack), and “deconfliction” between the ICO and the NCA regarding incident management. With regard to the latter, this will include, for example, where an organization has reported an incident to the NCA which the NCA believes the organization is legally required to the report to the ICO, the NCA will “remind” the organization of its reporting obligations. Furthermore, where the ICO and the NCA are engaged in managing the same incident, they will “seek to coordinate their work.”

The operation of the memorandum will be continually monitored by the ICO and the NCA. The memorandum will be reviewed every two years.

Tags: Cyber Attack, Information Commissioners Office, Information Sharing, Law Enforcement, Surveillance, United Kingdom
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
UK Regulators Issue Joint Statement on Age Assurance for Online Services

On March 25, 2026, the UK Information Commissioner’s Office and the UK Office of Communications released a joint statement addressing the intersection of online safety and data protection in relation to age assurance.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Publishes Guidance on Recognized Legitimate Interest Basis

On March 23, 2026, the UK Information Commissioner's Office released new guidance clarifying the use of the new recognized legitimate interest lawful basis for processing personal information under UK data protection law.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
UK ICO Launches Consultation on New Guidance on Research, Archiving and Statistics Provisions

On February 27, 2026, the UK ICO announced a public consultation on proposed updates to its guidance concerning research, archiving and statistics to reflect the changes introduced by the Data (Use and Access) Act 2025.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
UK ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Privacy

On February 24, 2026, the UK ICO announced that it had fined Reddit, Inc. £14.47 million following an investigation into the company’s handling of children’s personal information.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page