Dear all, I'm sure this has been discussed before, but could I ask for your views on what you believe is and is not 'personal data' for the purposes of a Subject Access Request? The situation we have is that one of our customers has made a SAR and asked for "copies of all the records held on any policies ever held, whether cancelled or still in force" - he has a lot of policies with us! Our approach has been (in an attempt to be helpful and transparent with our customers, and not to confuse them with the in's and out's of Durant) to provide copies of policy files and screen prints from our systems. Post-Durant, this is likely to be more than we actually need to provide under a SAR but we've taken the view that it's easier to go with the 'give them everything' route rather than weed through our records and determine whether info is or isn't personal data (and then try and explain that in Plain English to customers without sounding like we're trying to pull a fast one!). This particular case has brought matters to a head due to the volume of policies this customer has with us and by the fact that it's obvious he is looking for information to further a complaint (I know SAR applicants don't need to explain why they want copies of their information, but sometimes it's quite obvious). I plan to write to him to explain that his request for copies all records held on his policies goes beyond a SAR as he's looking for policy information rather than personal data (personal data being his name, address, age, occupation etc.) but I expect he may not be satisfied with this and argue that his policy information is his personal data. Has anyone had any similar dealings or experiences of this that they could share with me? Has anyone produced a really nice post-Durant letter for SAR applicants letting them know what they can expect to receive / setting their expectations on 'personal data'? I would be grateful for any help / guidance etc.. Many thanks, Emma Emma Bothamley Data Protection Consultant 01733 471226 UKLS Financial Services Ltd No. 3715118, NPI Ltd No. 3725037, National Provident Life Ltd No. 3641947, NPI Investment Managers Ltd No. 0962757, NPI Portfolio Managers Ltd No. 2238069, London Life Ltd No. 1179800, London Life Linked Assurances Ltd No. 1396188, Pearl Assurance plc No. 1419, Pearl Assurance (Unit Funds) Ltd No. 1027138, Pearl Assurance (Unit Linked Pensions) Ltd No. 1122485, Pearl Unit Trusts Ltd No. 958262, Pearl ISA Ltd No. 3597973 are the companies that make up the HHG Life Services Marketing Group and are authorised and regulated by the Financial Services Authority for pensions, investments and life assurance. Pearl GI Ltd No. 2587380 is a member of the General Insurance Standards Council. UKLS Financial Services Ltd is registered with the Mortgage Board. All companies are registered in England at The Pearl Centre, Lynch Wood, Peterborough PE2 6FY. Tel. 01733 470470. We may record or monitor telephone calls to improve service and protect customers. The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee and access to this e-mail by anyone else is unauthorised. Although this message and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by any company within the HHG group of companies for any loss or damage in any way arising from its use. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm Any queries about sending or receiving message please send to the list owner [log in to unmask] (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^