Subject: Re: [data-protection] Subject access [Ezias will disappear with technology]

Dear All,

I think there are secondary messages to draw from this decision, which do NOT grant relief to data controllers. They reflect the changing nature of records management (read broadly to include document management and information management).

First, Lloyds disclosed a lot more information in the lead up to the decision.. They were able to locate it, without the apparent disproportionate effort. One may note that they will have likely been able to do this given the concern with Earles v Barclays.

In Earles v Barclays Bank [2009] EWHC 2500 (Mercantile) the Judge imposed costs sanctions on the successful defendant for failure to conduct disclosure satisfactorily (see #Costs below). He said (at [71]):

"It might be contended that CPR 31PD 2A and electronic disclosure are little known or practised outside the Admiralty and Commercial Court. If so, such myth needs to be swiftly dispelled when over 90% of business documentation is electronic in form. The Practice Direction is in the Civil Procedure Rules and those practising in civil courts are expected to know the rules and practise them; it is gross incompetence not to." (http://www.edisclosure.uk.com/wiki_new/index.php?title=Electronic_Disclosure)

I have not read the decision in detail and I do not know Lloyds approach to this, but a desire to comply with CPR will have played a part. Happy to be corrected on this point.

Second, technology is changing so that disproportionate effort on *electronic* searches will be harder and harder to justify. In part, because organisations will need to meet DPA requirements (in principle they have to meet the 8 principles). In part, because they will have to meet the requirements of the emerging right to be forgotten. Finally, in part to meet CPR (e-discovery requirements).

With each passing year, we become more electronic in our records. With each passing year, the search systems become more advanced. In time disproportionate effort and fees notices will fade. During this transition phase, the court’s approach makes sense. However, they will disappear in time.

I would be interested in how those operating with e-discovery and CPR view the situation and whether they review it as it relates to Data Protection Subject Access requirements. After all, if you can find it for court, it should be found for DPA would be one way to look at it.

Best,

Lawrence

From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Phil Bradshaw
Sent: 25 April 2012 15:52
To: [log in to unmask]
Subject: Re: [data-protection] Subject access

Wonder if ICO will now acknowledge the Ezsias principle on proportionality of SAR searches ?

----- Original Message -----

From: [log in to unmask]

Sent: 04/25/12 03:14 PM

To: [log in to unmask]

Subject: [data-protection] Subject access

 
Interesting new case on subject access under DPA:

 
http://www.panopticonblog.com/2012/04/25/subject-access-requests-–-mixed-motives-and-proportionate-searches/

 
The Ezsias case mentioned - I have done an article on this :

 
http://www.actnow.org.uk/content/46

 
Regards

 
Ibrahim Hasan

 
Www.actnow.org.uk

 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

 
     All archives of messages are stored permanently and are

 
      available to the world wide web community at large at

 
      http://www.jiscmail.ac.uk/lists/data-protection.html

 
     If you wish to leave this list please send the command

 
       leave data-protection to [log in to unmask]

 
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm

 
 Any queries about sending or receiving messages please send to the list owner

 
              [log in to unmask]

 
  Full help Desk - please email [log in to unmask] describing your needs

 
        To receive these emails in HTML format send the command:

 
         SET data-protection HTML to [log in to unmask]

 
   (all commands go to [log in to unmask] not the list please)

 
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

Leaving this list: send leave data-protection to [log in to unmask]
Suspending emails from all JISCMail lists: send SET * NOMAIL to [log in to unmask]
To receive emails from this list in text format: send SET data-protection NOHTML to [log in to unmask]
To receive emails from this list in HTML format: send SET data-protection HTML to [log in to unmask]

All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)

Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.