HB Ad Slot
HB Mobile Ad Slot
New Tools from the UK’s Information Commissioner’s Office: How to Respond to Subject Access Requests
Friday, August 16, 2013

The UK ICO has come through yet again with some clear guidance as to how to apply the UK’s data protection laws in connection with requests by individuals for access to their personal data.  While we are waiting with bated breath for a final version of the new Data Protection Regulation (earlier posts here and here), it’s worth remembering that compliance with the existing regime is still vital – and any guidance from the ICO regarding the current statutory requirements is certainly worth noting.

The Data Protection Act 1998 (Section 7) gives individuals the right to request disclosure of the information that an organization holds about them.  (Other EU countries have similar access rights, as required by the current Data Protection Directive.) The latest guidance from the ICO addresses the potentially daunting question of how to respond to such “subject access requests.”

In a nutshell, individuals have the right to know what personal information is held by an organization, the source of the information, whether their personal information is being processed and for what reasons, and whether it will be shared with third parties.  Individuals are entitled to receive a copy of their personal information.  Individuals can also request information about the reasoning behind any automated decisions (such as assessments of creditworthiness).

Answering subject access requests may involve significant resources, but organizations are allowed to charge no more than £10 (around $15) for responding.  As individuals become more aware of their access rights, it is becoming more critical for organizations to hold and process personal data in highly traceable ways that will allow a streamlined, low-cost response to such requests.  Organizations should also be aware that subject access requests are likely to crop up if there is a brewing dispute with a consumer.

If you are faced with a subject access request, you can get quick, high-level guidance via the ICO’s online checklist.   The checklist provides a useful first cut, but it is likely that most organizations will want more guidance.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins