Data protection: the Information Commissioner’s Office has published a code of practice for subject access requests - .PDF file.
The Information Commissioner has published a new code of practice covering how employers should deal with subject access requests (SARs) from employees. It is intended to clarify the procedural aspects of this area of law, following complaints received from both employees and employers.
Under the Data Protection Act 1998 (DPA), employees have the right to: know whether ‘personal data’ about them is being processed by the employer (s. 7[a]); a description of the nature and extent of this processing, including the recipients of it (s. 7[b]); have this information ‘communicated in an intelligible form’ (s. 7[c]); and an explanation of the logic behind any ‘automated decision making’ that uses the personal data (s. 7[d]).
SARs may be made on the basis of these rights. Once received, an employer has 40 days to comply with the SAR, but is not obliged to act (but may act if it wants to) until it has received a £10 fee, evidence to confirm the identity of the employee and any necessary information required to locate the requested information…
If you are registered and logged in to the site, click on the link below to read the rest of the Addleshaw Goddard briefing. If not, please register or sign in with your details below.