New guidance on personal data requests
The Information Commissioner’s Office (ICO) has issued new guidance for businesses and other organisations to help them deal with requests from individuals for their personal data.
The Data Protection Act gives everyone the right to find out what information an organisation holds about them by making a subject access request, allowing them to find out important information ranging from details on their credit history to data contained in health records. Once received, an organisation normally has 40 days to reply to the request.
The new guidance, published on 8 August, has been issued after the ICO handled over 6,000 complaints related to subject access requests in the last financial year, with more than one in six relating to money lenders, including credit reference agencies and banks.
Information Commissioner Christopher Graham said: “We are all being asked to provide organisations with more and more information about ourselves and subject access requests are a useful tool for keeping control of our data.
“The ICO’s complaints figures show that many organisations still need to improve their processes for dealing with these requests.
“Our new subject access code of practice will help organisations deal with these types of requests in a timely and efficient manner, allowing them to demonstrate that they are looking after their customers’ data and being open and transparent about the information they collect. This can only be a good thing for organisations and consumers.”
The ICO will also be surveying websites later in the year, looking at the information organisations in the public, private and third sector are providing to anyone who may want to make a subject access request. It will use its findings to produce a report in the new year.