17th December 2015
In Part 1 of our series we wrote about what to do when you receive a subject access request under the Data Protection Act 1996 (“DPA”). Now turning to your response to a request, the DPA provides exemptions which you may be able to apply in order to withhold certain types personal data. The most common exemptions which may apply are:
Summary: It is important to keep a detailed record of all data which was identified as being within scope, data disclosed and data not disclosed. Keep a clear record of why certain data has not been disclosed and the exemption applied. If contested, this evidence and your reasoning will be key.
Although a recent case held that disclosure was not required where it was not reasonable or proportionate to carry out the search for personal data, this runs very much contrary to the general stance taken by the Information Commissioner’s Office (“ICO”). We would advise that taking such a position is risky; the employee making the request may very well challenge your position with the ICO and the time and costs involved in dealing with the challenge may outweigh the savings you might have made in not responding to the request.
The contents of this newsletter are intended as guidance for readers. It can be no substitute for specific advice. Consequently we cannot accept responsibility for this information, errors or matters affected by subsequent changes in the law, or the content of any website referred to in this newsletter. © Mundays LLP 2015.
Céline Winham looks at confidential clauses and how all involved know their rights to prevent reputational damage on both sides
Jeremy Duffy and Annika Bell look ahead to the long anticipated probate fee hike
Andrew Knorpel points to some helpful guidance materials for employers to be suitably equipped for mental health in the workplace.