Has anyone come up with a simple system for keeping track of what
information has been disclosed to whom in response to subject access
requests?
Many of our files contain 'personal data' about more than one data subject
(eg a file on Mr X's complaint against Doctor Y), information that qualifies
for an exemption and information that is not personal data at all - all in
the one file. I need to find a way of ensuring that we know exactly what
information was disclosed to which data subject, even down to whether a
particular page was disclosed in its entirety or had elements blanked out.
At the moment we are compiling item-by-item catalogues, but that is very
labour-intensive, and is not a clear way of recording what information was
blanked out. I can't help thinking that there must be an easier way of
keeping track of this. What does everyone else do?
Susan Graham
General Medical Council
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|