I've always worked on the basis that once a response has been issued, whatever the method used, the 40 days obligation is complete.
It seems inherently unfair to the authority to do it any other way. Otherwise, the authority would then have to include the location of the requester in their consideration of how long they've got to respond. It would also require the requester to verify receipt of the material before a case could be closed. Speaking from experience, I could have had cases open for years, if not permanently, if I'd waited for the requester to respond in all cases. How would the ICO know that you've fulfilled your obligations if you have to wait until the requester verifies receipt before closing a case?
I've been through a couple of DP ICO Audits and this issue has never been raised by them. On that basis alone, I would be inclined to feel that closing at point of issue is not a problem for them.
Andrew Goodfellow-Swaap
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|