Companies operating in markets in which businesses can gain a competitive advantage from offering enhanced privacy protections to customers are less likely to be the subject of enforcement action over breaches of data protection laws, the Information Commissioner’s Office (ICO) has said. The UK’s data protection watchdog has published a Data Protection Regulatory Action Policy that sets out the factors it will take into account when deciding whether to initiate regulatory action. The ICO said that it will be selective about which breach cases to pursue regulatory action in and that “market factors” could influence its decision whether to take up an investigation. “Our approach will be driven by concerns about significant actual or potential detriment caused by non-compliance with data protection principles, the PECR (Privacy and Electronic Communications Regulations) or other relevant legal requirements,” the ICO’s Policy said. “The initial drivers will usually be: issues of general public concern; concerns that arise because of the novel or intrusive nature of particular activities; concerns raised with us in complaints that we receive; and concerns that become apparent through our other activities.” Under its existing information rights strategy, the ICO pledged to focus its regulatory attention on organisations operating in the health, credit and finance, criminal justice, Internet and mobile services and security sectors.