Dear all,
I'm sure this has been discussed before, but could I ask for your views on
what you believe is and is not 'personal data' for the purposes of a
Subject Access Request? The situation we have is that one of our customers
has made a SAR and asked for "copies of all the records held on any
policies ever held, whether cancelled or still in force" - he has a lot of
policies with us!
Our approach has been (in an attempt to be helpful and transparent with our
customers, and not to confuse them with the in's and out's of Durant) to
provide copies of policy files and screen prints from our systems.
Post-Durant, this is likely to be more than we actually need to provide
under a SAR but we've taken the view that it's easier to go with the 'give
them everything' route rather than weed through our records and determine
whether info is or isn't personal data (and then try and explain that in
Plain English to customers without sounding like we're trying to pull a
fast one!).
This particular case has brought matters to a head due to the volume of
policies this customer has with us and by the fact that it's obvious he is
looking for information to further a complaint (I know SAR applicants don't
need to explain why they want copies of their information, but sometimes
it's quite obvious). I plan to write to him to explain that his request
for copies all records held on his policies goes beyond a SAR as he's
looking for policy information rather than personal data (personal data
being his name, address, age, occupation etc.) but I expect he may not be
satisfied with this and argue that his policy information is his personal
data.
Has anyone had any similar dealings or experiences of this that they could
share with me? Has anyone produced a really nice post-Durant letter for
SAR applicants letting them know what they can expect to receive / setting
their expectations on 'personal data'?
I would be grateful for any help / guidance etc..
Many thanks,
Emma
Emma Bothamley
Data Protection Consultant
01733 471226
UKLS Financial Services Ltd No. 3715118, NPI Ltd No. 3725037, National
Provident Life Ltd No. 3641947, NPI Investment Managers Ltd No. 0962757,
NPI Portfolio Managers Ltd No. 2238069, London Life Ltd No. 1179800,
London Life Linked Assurances Ltd No. 1396188, Pearl Assurance plc No.
1419, Pearl Assurance (Unit Funds) Ltd No. 1027138, Pearl Assurance
(Unit Linked Pensions) Ltd No. 1122485, Pearl Unit Trusts Ltd No.
958262, Pearl ISA Ltd No. 3597973 are the companies that make up
the HHG Life Services Marketing Group and are authorised and regulated
by the Financial Services Authority for pensions, investments and life
assurance. Pearl GI Ltd No. 2587380 is a member of the General Insurance
Standards Council. UKLS Financial Services Ltd is registered with the
Mortgage Board. All companies are registered in England at The Pearl
Centre, Lynch Wood, Peterborough PE2 6FY. Tel. 01733 470470. We may
record or monitor telephone calls to improve service and protect
customers.
The information in this e-mail is confidential and may be legally
privileged. It is intended solely for the addressee and access to this
e-mail by anyone else is unauthorised. Although this message and any
attachments are believed to be free of any virus or other defect that
might affect any computer system into which it is received and opened,
it is the responsibility of the recipient to ensure that it is virus
free and no responsibility is accepted by any company within the HHG
group of companies for any loss or damage in any way arising from its use.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
