“Sorry,” a bit like a tooth-loosening caramel, can be one of the harshest words. This did not prevent the Office of the Information Commissioner from condemning itself to say it following the findings of an internal investigation which confirms that a dishonest employee was content with the company credit card a little in a luxury chocolate chain last Christmas.
The regulator said he was very disappointed in himself after the anonymous staff member racked up a £ 6,248.40 bill at the Chocolat Hotel by spending £ 24.60 on 254 gifts for his colleagues – and the taxpayers footed the bill because who wouldn’t want to say thank you to the ICO for holding Big Tech’s feet up against the fire.
The UK data watchdog was warned of itself in February by Insider, which spotted the figure in the ICO’s list of company fee payments over £ 500. The chocolate shopping spree reportedly took place on December 21.
The ICO said in a statement released yesterday:
About 85 to 90 percent of the ICO’s annual budget is made up of data protection fees paid by organizations that process personal data, the rest coming from an annual grant from the Ministry of Culture, Media and Sports .
This shock from Hotel Chocolat was the only transaction made outside of ICO policy, the ICO said, and the only example of purchasing presses for staff. Nonetheless, “for this specific transaction, our strict financial controls were not effectively monitored, allowing the transaction to proceed although not authorized by ICO policy.”
Sorry it’s a little word but it takes a grown-up to say it, and the ICO “wants[s] to apologize … we have taken action in response to the findings of the investigation, implementing all recommendations in full, so that this does not happen again. “
As for the controls that had been put in place, the ICO told us, “We looked at the corporate credit card budget holder approval process and spending limits …
“All budget managers are regularly trained in the use of corporate payment cards, budget management and our procurement policies; and this mandatory training is now repeated annually. “
In its official statement, the watchdog added that it would include a “review of our implementation of the recommendations of this investigation into our future internal audit program.”
“When the investigation revealed behavior below the standards expected by the ICO, we also took appropriate action,” he added. “These matters are confidential, however.”
So no shock to some people this year according to the sounds?
Oh and the ICO has been hired for a new role: a finance manager to “strengthen oversight of our financial controls and training of our staff.”
Asked about this, the regulator told us that “the former CFO resigned in May. A new interim CFO was appointed in June to lead our work in response to the recommendations of the investigation.”
He added: “A permanent appointment has also been made to this post and is expected to join the ICO in October.”
We asked if the ICO should reimburse the £ 6,248.49 spent on chocolate gifts for staff last December and were told: ‘As the transaction was not contested due to certain failures in Overseeing our strict financial controls, we decided that it would not be appropriate to require a budget holder to repay the funds. “®