JISCMail - DATA-PROTECTION Archives

I had a complaint from ICO which actually worked out to my advantage!

I had a request from an ex-member of staff, who had already made several, 
large, piecemeal requests to our HR department. As there were some issues  
which were being dealt with by the Treasury Solicitor I sought their 
advice about whether they were happy for us to disclose certain parts of 
the information requested. The SAR was made in September, the Treasury 
Solicitor replied in mid-January, by which date I was well over time. 
Meanwhile I had conveyed my apologies to the requestor and provided the 
ICO address, should he wish to complain, which he did. I then received a 
complaint from the ICO, to which I responded and explained why I was 
sitting on the request. The caseworker was really helpful and we debated 
whether the information should be disclosed, eventually agreeing it should 
not; ironically, within days the Treasury Solicitor responded, saying we 
should!

I sent some of the information to the requestor, with a lengthy 
explanation of why I was refusing to supply certain bits (never thought 
I'd be pleased to rely on Durant). The ICO's response to the complainant 
effectively backed me up over what I had sent and probably prevented 
further correspondence; my bad behaviour would be 'kept on file', but was 
regarded as a blip. How hard my knuckles would have been rapped if I had 
refused to send anything I therefore don't know.

Hilary Lawrenson, Data Protection Officer
National Probation Service - South Yorkshire
Head Office, 45 Division Street, Sheffield, S1 4GE

Tel 0114 276 6911    Fax 0114 276 1967




Nigel Roberts <[log in to unmask]> 
Sent by: This list is for those interested in Data Protection issues 
<[log in to unmask]>
30/04/2007 13:17
Please respond to
Nigel Roberts <[log in to unmask]>


To
[log in to unmask]
cc

Subject
[data-protection] Failure to respond within statutory timescale to Subject 
Access Request






s.7 of the UK Act allows a Data Subject to make a Subject Access 
Request. A similar provision exists in the Guernsey Law.

There is a 40 day statutory deadline.

A person has served such a request.

What are the legal and practical consequences of /not/ replying within 
the statutory timescale

It now seems that there is no effective sanction for this breach unless 
the Commissioner can be persuaded to issue an enforcement notice. This 
is likely to take time

Has anyone on the Data Protection list been in this situation (on either 
side)??

What practical steps can this person take?

What liabilities (both theoretical and in reality) does the 
non-compliant company or organisation likely to suffer.

I'd be grateful for any comments at all.




Nigel

PS: For the purposes of thism I am going to make the assumption that the 
UK and Guernsey statutory provisions are practically the same, so I 
suspect that the place of establishment of the company or Data 
Protection Registration doesn't really come into it, but I have cc'd 
this to Data Protection Commissioner, and will post anything I get back 
which highlights any differences.



--
Nigel Roberts, CEO
Island Networks Group, Alderney, Guernsey GY9 3JZ

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at 
http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list 
owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your 
needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This message has been checked for all email viruses by the Cable & 
Wireless Email Protection Service.


**********************************************************************
This email & any files transmitted with it are private & intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, the e-mail & any attachments have been transmitted to you in error & any copying, distribution or use of the information contained in them is strictly prohibited.

The National Probation Service may monitor the content of the e-mails sent & received via its network for the purposes of ensuring compliance with its policies & procedures.

Any views or opinions presented are only those of the author & not those of the National Probation Service.
**********************************************************************



This message has been checked for all email viruses by the Cable & Wireless Email Protection Service.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^