Hi, in my private sector organisation we deal with DSARs within a small team that deals with data protection and other regulatory matters. We may, on rare occasions, refer to the legal team for advice. I agree with Michael that dealing with these is an art and there are different lawful variations on a theme.
I keep toying with the idea of providing the DSAR response on an encrypted memory stick instead of paper, where the DS has a computer, because it would be safer for the DS and save money in terms of paper/photocopying and postage costs. I am interested to know if anyone else offers this and if so what reaction if any you have had from Data Subjects.
As an aside, my reading of the Irish amendments to the draft regulation is that if accepted we would be able to charge for providing a copy of the Personal Data we hold so long as that charge is not excessive. Am I reading this correctly, or is it wishful thinking? What is excessive - Is charging cost price for the photocopying excessive? What about the cost of staff time to conduct the request?
Chris
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Ian Knight
Sent: 10 June 2013 12:29
To: [log in to unmask]
Subject: [data-protection] Subject access request: processes
Hello all,
A couple of queries about subject access requests which I am hoping people of on here can provide some clarity on:
When a request is received by an organisation who processes the request, in terms of redaction, seeking consents, making decisions of how and when to apply exemeptions and who is responsible for signing off a response? Is this done by a specific staff member or are the professional staff (social workers, clinicians) expected to carry out this task?
Does this differ if the case is closed i.e. over 5 years since involvement?
Looking at policies on the internet and this seems to differ from organisation to organisation but wondering if there is a general consensus on these issues.
Any assistance would be much appreciated.
Thanks
Ian
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|