Thanks for the sample letter, Su, did we all spot the mistakes?
Personal data includes the intentions of anyone towards us, not just the
organisation's intentions. The organisation should have an indication of
what recipients will do with the information. They have to know because they
couldn't assess whether the disclosure is lawful, compatible and fair without
that knowledge.
Many people will not need to provide so much information as proof of ID.
Many are so well known (particularly to LAs and other public bodies) that
even if they just walked into the offices they would be recognised.
If I was sending such a request I would not offer the photocopies suggested,
but if the controller insisted on the proofs of ID, etc, I would write in the
letter that as soon as I was satisfied with their response I would expect
them to destroy the proofs.
The passport and photo may only be necessary in a request for CCTV footage
and is unlikely to aid computer or manual file searches. The utility bill or
other proof of address may only be needed where the address on file does not
match the address on the request.
Obviously the sample letter is a "catchall" and is the nearest you could get
to a general letter to cover all situations rather than write different
samples for different types of data controller. I think the letter is a bad
example and rather OTT. It may even be an evil plot by the Grauniad to get
organisations to collect more information on us - think of all the additional
data we would be supplying in each SAR.
Ian
Ian Buckland
Managing Director
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|