Precisely! But if the 14 days expires after the original 40-day maximum, one
would be well advised to comply within the 14 days.
Ian Mansbach
-----Original Message-----
From: Carter, Antoinette (CCM) [mailto:[log in to unmask]]
Sent: 29 September 2004 15:00
To: Ian Mansbach; [log in to unmask]
Subject: RE: [data-protection] SAR and compliance calendar days
I would have thought that it was simply his own estimation of what
constituted a reasonable time frame. I have often closed letters (mainly
those contesting parking tickets!) demanding a response within 7 or 14 days
knowing perfectly well that they'll only get back to me when they see fit.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Mansbach
Sent: 29 September 2004 14:39
To: [log in to unmask]
Subject: Re: [data-protection] SAR and compliance calendar days
Looking at this solely from a DPA perspective, there is a distinction
between omissions from an SAR and rectification of inaccurate personal data.
S7(8) requires one to comply with an SAR "promptly" and in any event within
40 calendar days. The 40 days start on the day the SAR is received or, if
later, the first day on which one has: (1) any required fee, and (2) any
required information needed to (a) to satisfy oneself as to the identity of
the requestor, and (b) to locate the requested data. The response must be
complete to comply. So, if personal data was missing from the initial
response, the missing data must be found and passed on promptly and, in any
event, within the original 40 day period.
It may be that the 14 day time limit requested takes into account the
remaining days to comply with the 40 day maximum, or it may be that the data
subject is granting a concession beyond the original maximum period. In
either event, it is probably reasonable but, if it is not possible to comply
within that time then it would be wise to write explaining the situation and
proposing an alternative date by when you will comply (always bearing in
mind the requirement to respond "promptly").
It is believed that information which cannot be disclosed without first
obtaining third party consent according to s7(4) is subject to a separate 40
day period. Accordingly, one should comply with the rest of the request
first and then follow on with information for which one subsequently gets
consent as soon as permission is received for that information.
There is no time limit to rectify inaccurate personal data. However, given
the potential legal remedies, it would be wise to rectify data as soon as
possible and to notify the data subject accordingly.
Ian Mansbach
Mansbachs
Data Protection Practitioners
[log in to unmask]
phone: 0871 716 5060
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Sally Justice
Sent: 29 September 2004 11:53
To: [log in to unmask]
Subject: [data-protection] SAR and compliance calendar days
Can anyone advise please?
When a SAR is completed and sent to the data subject they can reply that
they perhaps feel some data is missing, some data is wrong etc. How many
days do we have to put things right? I recently had a SAR and the person
wrote to say some data was missing and gave full details etc. so no problem
about locating it; but I was told that this had to be completed within 14
days. Where did he get this from as I can't find this rule in the Act?
thanks
Sally Justice
p.s. also it seems that Schools have to respond within 15 days according to
discussions on the recent FOI list. Is this correct?
-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|