The ICO expects organisations to presume that a request by a Data Subject to be supplied with their Personal Data is a SAR, even if FOIA is cited.
M
> On 27 Jan 2017, at 10:19, Phil Bradshaw <[log in to unmask]> wrote:
>
> Steve
>
> If you are happy with your assessment then it follows you can assume they have have not made an SAR as such and only need to do an FOI refusal along the lines:
>
> "Thank you for your request. If we were able to answer this request it would involve disclosing information relating to your own mobile number, and your number is personal data relating to you. Accordingly under s40(5)(a) of FOIA the duty to confirm or deny whether we hold such data does not arise. We confirm therefore that we are unable to confirm or deny whether we hold the information you have requested. ... [usual review and appeal clauses]."
>
> Keep it simple.
>
> This is analogous to the common situation where someone asks for "a copy of my file", typically in a complaint scenario.
>
> In practice we will often comply as that is the simpler (and (a) good practice and (b) may be required for other reasons) thing to do in most cases. But that is not what is required by DP/FOI law. Under an SAR you only have to disclose the PD in the file and even without considering Durant there will be much in the file which is not PD. If you disclose some and withhold the rest on the basis not PD they may indeed say, "well if it's not PD give it to me under FOI". But under FOI the only CORRECT response is a RTCD under s40(5)(a) that you hold such a file, because admitting you have a file discloses PD and the duty to confirm or deny simply does not arise under FOI.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
> [log in to unmask]
> Full help Desk - please email [log in to unmask] describing your needs
> To receive these emails in HTML format send the command:
> SET data-protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|