RONAN DURNIN wrote:
> Dear All,
>
> I'm currently drafting some guidance concerning subject access requests.
>
> With regards to verifying the identity of the requestor is it reasonable
> to ask that one form of official photographic ID be provided (identity
> cards, anyone?!) or in the absence of such ID, two of the following:
I would suggest that it is UNREASONABLE. And the reason it is
unreasonable is that unless the person is at a counter, you have no need
to have the person's likeness provided or stored.
I will look up the law, but it seems to me that you need to be
reasonably satisfied that a person making the request is who they say
they are.
A signed letter, with a reply address ought to be sufficient to satisfy
'reasonably satisifed'. Anyone who writes to you purporting to be the
person concerned commits the offence of forgery if they are not who they
say they are.
If they have access to the person's address, they can easily get hold of
a utility bill.
> * Written statement confirming identity of requestor by Religious
> Minister, Lawyer/Barrister or GP
>
A bit over the top for a mere SOA (its not a passport application), but
certainly sufficient for the purpose.
Nigel
PS: Requesting bank or credit card statements is IMO excessive data
collection -- yoiu have no need to know who I bank with, or what my
overdraft limit is!!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|