I would have thought that it was simply his own estimation of what
constituted a reasonable time frame. I have often closed letters
(mainly those contesting parking tickets!) demanding a response within 7
or 14 days knowing perfectly well that they'll only get back to me when
they see fit.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ian Mansbach
Sent: 29 September 2004 14:39
To: [log in to unmask]
Subject: Re: [data-protection] SAR and compliance calendar days
Looking at this solely from a DPA perspective, there is a distinction
between omissions from an SAR and rectification of inaccurate personal
data.
S7(8) requires one to comply with an SAR "promptly" and in any event
within
40 calendar days. The 40 days start on the day the SAR is received or,
if
later, the first day on which one has: (1) any required fee, and (2) any
required information needed to (a) to satisfy oneself as to the identity
of
the requestor, and (b) to locate the requested data. The response must
be
complete to comply. So, if personal data was missing from the initial
response, the missing data must be found and passed on promptly and, in
any
event, within the original 40 day period.
It may be that the 14 day time limit requested takes into account the
remaining days to comply with the 40 day maximum, or it may be that the
data
subject is granting a concession beyond the original maximum period. In
either event, it is probably reasonable but, if it is not possible to
comply
within that time then it would be wise to write explaining the situation
and
proposing an alternative date by when you will comply (always bearing in
mind the requirement to respond "promptly").
It is believed that information which cannot be disclosed without first
obtaining third party consent according to s7(4) is subject to a
separate 40
day period. Accordingly, one should comply with the rest of the request
first and then follow on with information for which one subsequently
gets
consent as soon as permission is received for that information.
There is no time limit to rectify inaccurate personal data. However,
given
the potential legal remedies, it would be wise to rectify data as soon
as
possible and to notify the data subject accordingly.
Ian Mansbach
Mansbachs
Data Protection Practitioners
[log in to unmask]
phone: 0871 716 5060
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Sally Justice
Sent: 29 September 2004 11:53
To: [log in to unmask]
Subject: [data-protection] SAR and compliance calendar days
Can anyone advise please?
When a SAR is completed and sent to the data subject they can reply that
they perhaps feel some data is missing, some data is wrong etc. How many
days do we have to put things right? I recently had a SAR and the
person
wrote to say some data was missing and gave full details etc. so no
problem
about locating it; but I was told that this had to be completed within
14
days. Where did he get this from as I can't find this rule in the Act?
thanks
Sally Justice
p.s. also it seems that Schools have to respond within 15 days according
to
discussions on the recent FOI list. Is this correct?
-
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|