I suppose you could just say that in order to satisfy yourself of the validity of the request would the client please forward a fresh request in writing so that you can sort it out. This way you know it's origin. And in terms of the information required, that really is all you can do. You can also match the signatures to get an idea of if the first one is fraudulent. That may allow you take your concerns forward if appropriate.

If you are worried due to the fact that the person couldn't remember signing the first letter and then changed his mind, then don't worry too much. I am only 45 and two weeks ago I was hit with a credit card fraud, which was caught. However, on reading back transactions I didn't remember 3 of them from only 4 days previously. I had to look at my receipts to remember that they were OK! It’s an age thing...

Hope the first paragraph is of use.

Simon Howarth.

-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Cate
Sent: 10 August 2011 14:51
To: [log in to unmask]
Subject: [data-protection] Subject Access

I seem to be having a mental block, hopefully someone can help.
I work in the financial services/insurance broking sector, after many years in local government and am learning the ropes of this particular business area.
I have recently received a subject access request from an elderly client who wishes for his access request to be sent to his new financial advisor. 
It has come to light that our client has a 'friend' who uses the suggested new advisor and that may have written the SAR letter to us on our clients behalf with him only signing it. Upon speaking to the Data Subject as this request was out of the blue , and with us having an excellent relationship with him,  he could not recall the letter and said that his solicitor must have sent it, although not on Solicitor headed paper, he then changed his mind later in the conversation that he did send it.
We are led to beleive that this 'friend' has recently alot of influence with our client recently.
We have also clarified with the new advisor (of a different company) if they were agreeable to recieve the data. They responded by saying that they had had discussions with the client but no confirmation of new business being  taken.

Gut feeling is something isn't right, and am reluctant to send information to a recipient that isnt expecting it on the authority of a frail person, who may have been 'influenced' to make the SAR. I have the following thoughts unless anyone can give me some further direction.

a) Do I have the justification if the solicitor is known, to confirm that they drafted the letter, although I feel the answer will be no.
b) If the solicitor response is no, how can I establish that this SAR is not being made under pressure from 'friend'.
c) Confirm in writing with the 'new' financial advisor that they would/wouldn't be willing to accept the response to the SAR as no business has been entered into yet with the client.

Long winded I'm afraid , but wanted to give all the facts I have
Thank you
Cate

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^