15th October 2025

A Lincolnshire man has formally placed the Information Commissioner’s Office (ICO) on notice of intended legal action, demanding the preservation of evidence in a long-running dispute over information requests and data handling.

In a Letter Before Action sent this week to the ICO’s Legal Services Department in Wilmslow, Alan M. Dransfield accuses the national data regulator of “systematic misuse” of both the Freedom of Information Act 2000 (FOIA) and the UK General Data Protection Regulation (UK GDPR).

Mr Dransfield’s letter cites alleged breaches of Articles 5, 12, and 18 of the UK GDPR and various sections of the FOIA, claiming the ICO has unlawfully refused or mishandled multiple information and data access requests he has submitted since 2009.

The correspondence, which references ICO case number IC-422234-H9W3, warns the regulator to “immediately preserve all relevant documents” — including internal emails, legal advice, and decision records — relating to the refusal of 49 FOI and four data protection requests.

Mr Dransfield contends that the ICO’s refusal to retain these records “creates a real risk of obstruction of justice” and could amount to spoliation of evidence under Civil Procedure Rule 31.11, which requires parties to preserve documents when litigation is anticipated.

In the letter, he announces his intention to pursue a claim valued at £17 million, or “4% of the ICO’s global turnover,” alleging damage to reputation, psychological distress, financial loss, and breach of statutory duties. The proposed proceedings are expected to be issued in the Manchester County Court later this year.

Mr Dransfield’s notice gives the ICO until 28 October 2025 to confirm that all relevant material has been preserved. If not, he says he may seek a court preservation order, refer the case to the Parliamentary and Health Service Ombudsman, or take the matter to the media.

The ICO has not yet publicly commented on the letter or the allegations.

Background:
The ICO is the UK’s independent authority responsible for upholding information rights and enforcing data protection law. Under its published retention schedule, case records are typically held for a minimum of two years before being deleted unless there is a legal reason to retain them longer.