Ian
In my experience, it does vary; but in many private companies it lies with Personnel/ HR.
In companies that deal with customers - i.e., the general public - overall responsibility often rests with a small group of experienced staff. In turn, they will draw upon a number of functions - primarily, but in no way exclusively, IT - to provide raw data for redaction.
The art of redaction - and I use the word 'art' advisedly - is not something that is easily learned, and having different people perform it is likely to lead to differences in approach. For example, one person might redact an email and remove certain non-Personal Data and third party PD, but another person might redact a Word document containing a copy of the contents of that email differently.
Many staff SARs are seeking "full disclosure" of evidence provided by others in grievance and disciplinary matters. Consent from the witnesses is frequently withheld, and some organisations do not even seek such. As evidence is frequently given under cover of confidence, it is probably not "reasonable" to disclose without consent. Consequently, redaction seems to be the norm.
Where data from medical / Occupational Health records is requested, all of my clients seek sign-off from a qualified medical practitioner ... "to be on the safe side".
A client I am working with at present has determined a redaction rate of 30pp/hr for emails. When a SAR can cover thousands of pages of emails (much repetitive), alternative strategies are needed to achieve the 40 day supply timescale. Simply extracting ('cut-n-paste') the PD is a little faster, but can still not be fast enough.
Hope this is of some assistance.
In general, I would say that practitioners in the public sector have an easier job of it that those in the private sector, especially retail.
Best - M
Sent from my iPad
On 10 Jun 2013, at 12:28, Ian Knight <[log in to unmask]> wrote:
> Hello all,
>
> A couple of queries about subject access requests which I am hoping people of on here can provide some clarity on:
>
> When a request is received by an organisation who processes the request, in terms of redaction, seeking consents, making decisions of how and when to apply exemeptions and who is responsible for signing off a response? Is this done by a specific staff member or are the professional staff (social workers, clinicians) expected to carry out this task?
>
> Does this differ if the case is closed i.e. over 5 years since involvement?
>
> Looking at policies on the internet and this seems to differ from organisation to organisation but wondering if there is a general consensus on these issues.
>
> Any assistance would be much appreciated.
>
> Thanks
>
> Ian
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|