• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

Subject access policy, Data Protection Guide, CCTV Guide updated (ICO)

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Subject access policy, Data Protection Guide, CCTV Guide updated (ICO)

    https://iconewsblog.wordpress.com/20...ionate-effort/

    Subject access policy updated after court rulings on disproportionate effort

    Posted on July 5, 2017by icocomms
    By Vivienne Adams, Senior Policy Officer.

    As July arrives and brings with it summer (albeit a damp version of it here in Wilmslow so far), there are now fewer than 11 months until the arrival of the much-heralded GDPR.
    As you can imagine, that means a busy time in the policy team, working on the guidance to help organisations understand the new law. But while there’s plenty of work still to do there, our work on guidance for the Data Protection Act (DPA) doesn’t stop.
    The DPA is, after all, the current law. And as its interpretation is adapted and evolves through court decisions, so must our corresponding guidance.
    The latest updates we’ve made to the Guide to data protection and also our CCTV and Subject access request (SAR) codes of practice are a case in point. Please see the appendix below for more details.
    Earlier this year, two Court of Appeal judgments – Dawson-Damer & Ors v Taylor Wessing LLP [2017] EWCA Civ 74 and Ittihadieh v 5-11 Cheyne Gardens RTM Co Ltd & Ors and Deer v University of Oxford [2017] EWCA Civ 121 – were published which were particularly notable for how they dealt with disproportionate effort around subject access requests.
    Those judgments clarified that data controllers can take into account difficulties which occur throughout the process of complying with a request, including difficulties in finding the requested information.
    That doesn’t mean organisations should try to avoid replying to subject access requests. The burden of proof is on you as data controller to show that you have taken all reasonable steps to comply with the SAR, and that it would be disproportionate in all the circumstances of the case for you to take further steps.
    And even if you can show that supplying a copy of information in permanent form would involve disproportionate effort, you should still try to comply with the request in some other way.
    It’s another stage of the evolution of the law. If you want to keep up-to-date on future changes to guidance, it’s worth signing up to our e-newsletter, which provides monthly updates on all things information rights.
    APPENDIX
    Details of changes to ICO guidance and codes of practice
    Subject access code of practice
    Disproportionate effort and the handling of SARs
    We have amended chapters 6 and 8 on the application of the disproportionate effort exception in s8(2) of the DPA: the extent of the duty to provide subject access, information contained in emails and supplying information in permanent form.
    In chapters 5 and 6 we have highlighted to organisations that when they design or specify systems such as CCTV they should bear in mind the need to facilitate the handling of SARs.
    National scope of LPP exemption
    We have also clarified in chapter 9 that personal data is exempt from the right of subject access if it consists of information for which legal professional privilege (or its Scottish equivalent) could be claimed in legal proceedings in any part of the UK.
    Court’s discretion under s7(9) DPA
    We have amended chapters 9 and 11 to state the Court of Appeal’s view that the court has a wide discretion to order compliance with a SAR, and to include the factors it listed. The existence of a collateral purpose or legal proceedings when making a SAR is irrelevant.
    Other changes to the SAR code
    We have also taken the opportunity to make other changes to the Subject access code of practice:
    • In chapter 10 we have clarified, in order to avoid confusion, that the ICO is not the responsible regulator for legislation on access to pupils’ educational records.
    • At the end of chapter 11 we have inserted a new paragraph stating the position on enforced subject access.
    • Throughout the code, we have changed references to the gender of the Commissioner to the feminine.

    CCTV code of practice
    We’ve amended section 5.2.3 of the CCTV code of practice to reflect the Court of Appeal’s judgments on the application of the disproportionate effort exception.
    We’ve also amended the wording of sections 5, 6 and 7 to highlight to organisations the need to ensure the design of CCTV and other surveillance systems facilitates the handling of SARs.
    Finally we’ve removed references to old cases, and updated old links.
    Guide to data protection
    We’ve amended the sectionWhat if sending out copies of information will be expensive or time consuming?” to reflect the Court of Appeal’s judgments on the disproportionate effort exception.
    We have also amended the section on exemptions: “Legal advice and proceedings” to state that the exemption applies where legal professional privilege (or its Scottish equivalent) could be claimed in legal proceedings in any part of the UK.
    Vivienne Adams is a Senior Policy Officer in the ICO’s Policy and Engagement Department, working on information rights policies and providing advice and guidance to colleagues and stakeholders.
    CAVEAT LECTOR

    This is only my opinion - "Opinions are made to be changed --or how is truth to be got at?" (Byron)

    You and I do not see things as they are. We see things as we are.
    Cohen, Herb


    There is danger when a man throws his tongue into high gear before he
    gets his brain a-going.
    Phelps, C. C.


    "They couldn't hit an elephant at this distance!"
    The last words of John Sedgwick
    Tags: None

View our Terms and Conditions

LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
Working...
X