Becky
According to the OIC it's perfectly ok to contact the data subject and ask
if they would be satisfied with a set of information covering a specific
area, rather than everything you hold about them. The important thing is
that you don't deny their rights by giving the impression that the data
subject is not entitled to all the information if they really want it.
A certain well-known data protection expert suggested that a data controller
could have two tiers of information provision to encourage data subjects to
accept less than the full data holding - the restricted set of information
could be provided free of charge, whereas there would be a £10 charge for
the full set.
Hope this helps
Stuart
-----Original Message-----
From: Rebecca Hughes [mailto:[log in to unmask]]
Sent: 28/09/2001 14:43
To: [log in to unmask]
Subject: SARs
Dear All,
Subject Access Requests - how do your institutions handle them? I am
interested in smoothing out our procedures and I wondered whether on every
request it is necessary to send out as list or a copy of all data held on
the subject or whether you can just provide them with the specific
information they require. It seems to be such a simple question that I
can't find the answer! Advice welcome!
Becky
Administrative Officer (Data Protection)
University of Exeter
[log in to unmask]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|