Originally Posted by
Pilou
But how does a lay person convince him/herself that the handling of the matter by the organisation's data controller was satisfactory? What parameters/variables does a lay person use to judge whether a response was adequate or not? Given the recent trend at BA, I wouldn't be surprised if the only information the parties involved were given came in the form of generic "we're really sorry, we'll do better next time, we promise!" e-mails composed by a clerical apprentice in their audit office.
IME, data controllers normally behave in a professional way and take their responsibilities seriously. If you have reason to doubt it, then by all means contact the ICO but I don't think that the ICO will investigate an issue out of the blue and will instead refer you back to BA in the first place.