I received a response to one of my outstanding RFAs today from the OIC. Part of it states: In 2003 a new ruling was made in relation to subject access requests (Durant v FSA 2003). This ruling adopts a more restrictive approach than the office has previously taken. Please be awware that the office is still considering the full effects of the ruling and its implicatation but it seems likely that in light of the Durant Ruling the purpose of section 7 of the DPA 1998 is to enable an individual to check whether a data controller's processing of his persona data unlawfully infringes his privacy. It is not an automatic key to any information, readily accessible or not, of matters in which he may be named or involved. It is likely in most cases that only information that named and directly refers to him will quality. It is our view that this information does not quality as personal data. As much of the information I was seeking to obtain was comments that members of staff made about work I did for the company (including comments that whilst I as working there I had to complain about), I find this to be a complete disregard for what I believed to be one of the purposes of the DPA. The company in question also provided approximately 1000 pages of completely unintellible information dumped directly from their database, most of which was in the form of: 19847 43821 401854 19847 43910 1048941 ... etc for hundreds of pages. With each section of this they provided a reference to what this section was called (e.g. 'tat'), and headers which supposedly state the column information (customerid, tatid, otherid(!)). The OIC have also failed to get the company to elucidate further on this declaring that "<the company> states that much of the information is techical, and in each case they have provided details of what the information provided represents, including table headers." They have therefore closed the investigation. My view on this is that, particularly with regard to Durant, the UK is now no longer in compliance with the objectives of the original EC directive, and that Subject Access is now almost entirely a myth. A company can refuse to provide most information; and what they do provide can be completely unintelligible. Under this new approach, I suspect that most organisations will be able to relax their DPA procedures significantly, and that many of those currently employed in full-time Data Protection roles could be out of a job within a year. Tony Tony ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^