• Welcome to the LegalBeagles Consumer and Legal Forum. Please register to get the most out of the forum. Registration is free and only needs a username and email address.

SAR for social services - redaction

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SAR for social services - redaction

    Hi LB, long time no speak

    Wonder if anyone can help. I issued a SAR to my LA to get my social care records.

    They returned 4 pages of print out, and everything except my name was redacted. I wrote to the authority asking if this was an oversight, and which exceptions they relied upon. They told me that the redactions are all within legal frameworks.

    So I have, in effect, 4 pieces of paper with my name on the top and the rest of the page is a big, black filled box.

    Can anyone advise on the best way to proceed here?
    Advice given is offered as personal opinion only. I always recommend you seek professional legal advice.

    Tags: None

  • #2
    Re: SAR for social services - redaction

    Section 37 / schedule 7 DPA covers various excemptions which are less likely to apply in the case of a LA.

    Depending on circumstances one could possibly rely on - https://ico.org.uk/for-organisations...on/exemptions/ :

    "Legal advice and proceedings

    Personal data is exempt from the non-disclosure provisions where the disclosure of the data is necessary:

    • for or in connection with any legal proceedings (including prospective legal proceedings);
    • for obtaining legal advice; or
    • for establishing, exercising or defending legal rights.

    You do not have to disclose personal data in response to a request from a third party simply because this exemption applies. You can choose whether or not to apply the exemption to make a disclosure, and you should do so only if you are satisfied that the disclosure falls within the scope of the exemption. In other words:

    • it is necessary for one of the above purposes; and
    • applying the non-disclosure provision would be inconsistent with the disclosure.

    When faced with a request for disclosure, it can be difficult to decide whether the necessity test can be satisfied. You may also be reluctant to make a disclosure of personal data because of your relationship with the individual. In such circumstances you may decide not to comply with the request, unless obliged to do so under a court order.
    Personal data is also exempt from the subject information provisions if it consists of information for which legal professional privilege (or its equivalent in Scotland) could be claimed in legal proceedings in any part of the UK.

    "
    Last edited by JCE; 8th August 2017, 23:59:PM.

    Comment


    • #3
      Re: SAR for social services - redaction

      Hi

      If its your data ( file ), you should get it without redactions apart from other peoples names, and references to anyone else file and the curcs that [MENTION=37437]JCE[/MENTION] describes. I have had to do SAR for social services years ago, and went through the ICO nd got the full files from 2 councils, unredacted.

      Ask them to explain the redactions
      crazy council ( as in local council,NELC ) as a member of the public, i don't get mad, i get even

      Comment


      • #4
        Re: SAR for social services - redaction

        Thanks CC & would you (or anyone else here on LB) please clarify, what is usually considered "third party" data, as ICO states - https://ico.org.uk/for-organisations...ey-definitions :

        “Although a data controller’s employee to whom information is disclosed will be a ‘recipient’, they will usually not be a “third party”.

        This is because the employee will usually be acting in their employment capacity, and so will be acting on behalf of the data controller.”

        Yet a puplic body redacted recently all employee names in response to a SAR which according to Shamen's old post here they should not ?!: http://legalbeagles.info/forums/showthread.php?23577-banks-and-sars&p=164494#post164494

        In this instance ICO declared they would not enforce compliance even though the public body in question failed to respond within the 40 day timeframe and did not provide the comprehensive SAR-information requested.

        Which sections of the DPA 1998 would validate a breach of the DPA in case of non-compliance and enforce the un-redacted release of the employee-names if acting in their employment capacity on behalf of the data controller??

        Comment

        Announcement

        Collapse
        No announcement yet.
        Loading...

        upgrade to vip

        Want exclusive access to forums, more privacy and a live chat box? Upgrade to become a bigger part of our community.

        only £15/yr

        Offers available. No subscription traps.

        sign up now

        Resolver is a free automated complaints system that can help with all kinds of consumer complaints - including missold PPI and Package Bank Accounts.

        make a complaint



        Search and Compare fixed fee legal services and find a solicitor near you.

        Find a Law Firm


        Working...
        X