An Audience with the Isle of Man’s Information Commissioner


18 July 2025


Douglas, Isle of Man – 4 July 2025 – In her first public address since the release of her office’s annual report, the Isle of Man’s Information Commissioner, Dr Alexandra Delaney-Bhattacharya, outlined a bold new vision for building public trust and guiding innovation responsibly in the digital age. 

Speaking warmly to an audience of Chamber members, Alex reflected on her first nine months in office and set out five strategic priorities to redefine the role of the data protection authority on the island. 

From Reactive to Proactive: A Shift in Regulatory Strategy 

Alex acknowledged the authority has, in recent years, been more reactive than proactive in its approach, largely due to capacity constraints that required the office’s small team of five members to prioritise complaints handling.  

“We’ve been waving the stick more than we’ve been offering the carrot,” she said, referencing the regulator’s dual responsibilities to enforce compliance and support innovation. “It’s time we balanced those roles more effectively.”

With recent recruitment successes strengthening the team, Alex expressed optimism about broadening the office's approach in the year ahead. She emphasised the importance of balancing the regulator's dual responsibilities of enforcement and innovation support. Her roadmap includes increasing external engagement, enhancing transparency, and modernising outdated systems. 

Trust as a Business Asset 

Reflecting on her experience as a new starter in the UK ICO during the Cambridge Analytica scandal in 2018, Delaney-Bhattacharya underscored that data breaches are not merely technical failures but breaches of trust with far-reaching consequences. 

“Your customers don’t just buy your product; they buy your promise to protect their data. Robust data protection is not a compliance burden—it’s the foundation for innovation and retention,” she said. 

She pointed to global figures showing data breaches cost organisations an average of $4.8 million, with 60% of small businesses failing within six months of a major incident. 

Key Insights from the Annual Report 

Alex’s presentation highlighted findings from the first annual report in six years: 

  • 152 data breaches reported, affecting almost 5,000 individuals. 
  • Nine regulatory actions against private sector organisations, including three information notices, as well as two warnings and four reprimands for personal data protection breaches. 
  • A rise in public sector complaints, primarily related to subject access requests in healthcare and law enforcement. 

Surprisingly, there were no DPIA submissions from the private sector, raising concerns about awareness and compliance. 

Building a Modern, Open Regulator 

Determined to transform perceptions, Alex plans to overhaul the regulator’s website, expand international cooperation, and participate in the Global Privacy Enforcement Network (GPEN) privacy sweep.

“We’re not mythical dragons in a cave,” she quipped. “We’re approachable, and we’re here to help organisations navigate these challenges.” 

A Call to Action 

Alex concluded with a clear message to businesses: 

“In the digital economy, trust is the ultimate currency. The question isn’t whether you can afford to invest in data protection—it’s whether you can afford not to.”

She encouraged organisations to read the annual report and engage proactively with her team.