Generally always ask for some identification, sufficient to confirm the
identity of the applicant.
After all the security of the data is just as important at this point.
As I understand it the production of identification is not a requirement
though,
provided the data controller is confident the applicant is who they say they
are.
Some examples from past experience where it has not been necessary for
identification to be produced:-
An employee, who is known, and whose identity can be vouched for in that
sense.
An approach from a solicitor, who has the signed authority from the data
subject, where the solicitor has already
confirmed the identity.
A request from a person, made in such a way that their identity is
proven by their circumstances, the correspondence,
their address and the cheque/payment method. (Thinking of somebody like
a serving prisoner here.)
Another scenario might be - A request from a high profile person at a high
profile address where the response was to be returned to that person at that
address.
I am sure that everybody in the group could think of scenario's where the
identity of the applicant is assured by the general detail they provide when
making the request.
Ian W
----- Original Message -----
From: "Data Protection Officer" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, February 16, 2001 11:52 AM
Subject: Identifying a subject
> Does anyone else insist on a form of ID to verify that a person is who
they
> say they are when exercising their Subject Rights??
>
> Fiona Campbell
> IT Team Principal
> IT Services (Ext. 7258)
>
>
>
> _____________________________________________________________________
> This message has been checked for all known viruses by Star Internet
delivered
> through the MessageLabs Virus Control Centre. For further information
visit
> http://www.star.net.uk/stats.asp
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
> all commands go to [log in to unmask] not the list please!
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|