|
Thanks for your comment.
I am thinking of a very specific instance such as a university library,
where I would think the librarian could argue that only members of the
university, or indeed only those who had a reading card, had a relevant
interest in what information was kept on individuals by the
organisation. In this case, they would be signalling that they want that
person to demonstrate that they have a legitimate interest before
telling them how they could obtain any information. I agree that it is
sending all the wrong signals (and ideally they would just point them to
a web site where the procedure was laid out), but I wonder whether the
DPA says anything about this, or if there has been any guidance by the
IC?
On the other hand, I guess one could argue that there should be no
reason why a person has to demonstrate a legitimate (as in personal)
interest in what information is held on individuals by an organisation
before being told what the procedures are for obtaining it?
Any thoughts?
Regards,
Richard Poynder
-----Original Message-----
From: [log in to unmask] [mailto:[log in to unmask]]
Sent: 30 September 2002 15:37
To: [log in to unmask]; [log in to unmask]
Subject: Re: SAR letter
In a message dated 30/09/2002 14:33:48 GMT Daylight Time,
[log in to unmask] writes:
<< Here's something that interests me: to what extent does the enquirer
need to establish a right to ask about the procedures for obtaining
information in the first place (i.e. simply enquire about the procedure
for obtaining what data is held, rather than specifically asking for
information on a named individual)?
In other words, is it acceptable to respond to an enquiry about how you
obtain the information and how much would it cost with the reply: "what
do you want it for?" And then only tell them the procedure itself if
they tell you why they want to know how to make an application? >>
---------
Why should they need to ask these things? Alll they need to know is
that
they have a right of access and how to write a simple letter.
A letter that simply says:
"Dear Sirs
I understand I have a right to know what information you have about me,
please send it to me at the above address.
Yours, "
would suffice. If you need to know any more information than his/her
name
and address in order to help you search through your files, then you
would of
course tell them. Otherwise you would send them the data within the 40
days.
If someone was daft enough to ask about your procedures for dealing with
subject access requests it would probably be in your best interests to
tell
them, it may save you a lot of time, trouble and money later. If you
tell
them you charge £10 it might even put them off requesting.
Personally, I would be more likely to ask for subject access at any
organisation that gave the impression it had something to hide.
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace
or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting
your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
