Not according to the Out-Law.com report of a statement from the ICO:
"We will not require data controllers to grant individuals subject access to the personal data provided that all four safeguards above are in place," it said. "Nor will we take any action over compliance with the fifth data protection principle. It is, however, important to note that where data put beyond use is still held it might need to be provided in response to a court order. Therefore data controllers should work towards technical solutions to prevent deletion problems recurring in the future."
Jim
========================================================================
Good point.
I imagine it would still apply to a SAR. As they would still be processing the data in the strictest sense of the word.
From: The Information and Records Management Society mailing list [mailto:[log in to unmask]] On Behalf Of Chris Tinsley
Sent: 05 September 2012 08:26
To: [log in to unmask]
Subject: Re: UK - Firms do not always need to delete personal data to comply with data protection rules, says ICO
I presume this would apply in instances where "Live" data has been deleted but might still exist on a backup or archive. In the event of a computer failure there would be no intent to restore or use the data but it would be extremely hard and expensive to ensure that the data had been wiped from all of the backups.
Does this mean that the data would be available for an SAR?
To view the list archives go to: https://www.jiscmail.ac.uk/cgi-bin/webadmin?A0=RECORDS-MANAGEMENT-UK
To unsubscribe from this list, send an email to [log in to unmask] with the words UNSUBSCRIBE RECORDS-MANAGEMENT-UK
For any technical queries re JISC please email [log in to unmask]
For any content based queries, please email [log in to unmask]
|