In my experience, when someone submits a SAR they are usually seeking
"justice" and I find that on the whole a discussion with them as to how
best to achieve their ultimate aim is very well received. I have found
that people do not generally thank you for copying every last piece of
paper with their name on it in response to a SAR, and targeting your
response is in everyone's interests. The cases I deal with are
invariably staff cases, and as we have a very low turnover of staff,
they have often been employed for a number of years, and therefore have
a mountain of personal data held by the organisation. By actually
inviting them to a strictly confidential meeting, on a one to one basis,
I can reassure them that I am there to help them, and we can then narrow
down the search to one that is quickly and easily achieved, and which
will actually help them. For example, people often don't want copies of
their original job application etc., as their "beef" concerns more
recent history. I often dangle the carrot of saying "well, if we can
restrict the search to this period of time (for example) I can let you
have it next week, instead of making you wait 40 days for it". I always
say that they can ask me to widen the search again at a later date, but
only one has ever done so, and no-one has ever complained about the way
their SARs have been handled. In fact, one even sent an e-mail to my
boss saying that if HR had handled their case half as sensibly as I had,
they might never have referred their case to an Employment Tribunal. So
I would agree with Tim that it is about giving the SAR a high standard
of service.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Trent
Sent: 12 July 2005 12:28
To: [log in to unmask]
Subject: Re: [data-protection] Handling a SAR outside the Act
Sensitivity: Confidential
I agree that the matter must be handled under the DPA because it was
effectively issued under it.
I agree that one is not "entitled" to extra information. My practical
experience is different, because in practice a good, service oriented
approach ensuring that you comply in all respects with the law tends to
be a better approach than a pure DPA response. So this is a tightrope
to be walked with care.
I view a conversation as reasonable provided Member Relations know what
they are doing. If not, then it can make a potentially awkward
situation a bad one.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Jim Whitaker
Sent: 12 July 2005 12:22
To: [log in to unmask]
Subject: Re: [data-protection] Handling a SAR outside the Act
Sensitivity: Confidential
Unless you need further information from them to help you identify what
information they are seeking, I would advise against asking them for
information about their request.
You are not entitled to it and it is likely to be seen as unhelpful.
Regards
Jim
----------------------------------------------
Jim Whitaker
Head of Information Management and Internal Communications British
Educational Communications and Technology agency Millburn Hill Road
Science Park Telephone 024 7679 7452
Coventry 024 7641 6994 (Ext 3341)
CV4 7JJ Fax 024 7684 7071
========================================================================
=======
-----Original Message-----
From: Hodgetts, Jonathan
[mailto:[log in to unmask]]
Sent: 12 July 2005 12:17
To: [log in to unmask]
Subject: Re: [data-protection] Handling a SAR outside the Act
Sensitivity: Confidential
Tim,
Thank you for your reply. It is clear to me that the member intends for
this to be actioned under the Act in that they ask:
"I would like to make a "Subject Access Request" under section 7(1) of
the
1998 Data Protection Act. Please could you provide me with complete
disclosure of any information concerning me (if you have any) that I am
entitled to view under the provision of the aforementioned act."
I think my main concern is should we be contacting the member to ask the
reason for their SAR, or could this be considered intrusive to their
privacy?
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed.
If you have received this email in error please notify the system
manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.clearswift.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list
owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|