Dear All,
Remember this? A few weeks ago, Leif Wilks said:-
"We seem to be getting conflicting views from the OIC on this.
Gill Smith says that their advice is that "if someone asked to see what
information the Council held about them but did not give sufficient
information to assist you in locating the information, such as connections
or relationship with the council, you would still be expected to process
their request. You would be expected to search
the most obvious information systems (paper, IT, etc) where information
about them may be held, (such as the Council Tax database) and provide
information to them."
I was at a meeting some time ago where Peter Bloomfield from the OIC said
quite clearly that we do not need to respond to requests in the form "all
the data that you hold" with no indication of where it might be.
Section 7(3) seems to me to be pretty unambiguous."
To settle this once and for all.... I have today spoken with Angela Cooney
at the Information Commissioner's Office and she confirmed that data
controllers would be expected to deal with requests, even though little or
no information is given to assist them in locating information held. If a
trawl was made of the most likely systems where information may be held, and
an individual complained to them that their request had not been fully
complied with under the DP Act, they would be sympathetic to the data
controller and unlikely to carry out an assessment, or take enforcement
action as the organisation had done everything it could to locate the
information, in the absence of information to assist them. They would take a
different view, however, if an organisation refused to respond to a subject
access request merely because insufficient information was provided by the
data subject.
Thought you might be interested in the follow-up.
Gill.
Gill Smith
Data Protection & Security Officer
ICT Services
Devon County Council - www.devon.gov.uk
Tel: 01392 383165
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|