ICO Subject Access Code of Practice helps organisations give people control over their data

Most common reason for complaining to the ICO with over 6,000 complaints last year.

  • 11 years ago Posted in

The Information Commissioner’s Office (ICO) has published new guidance for organisations to help them deal with requests from individuals for their data.


Under the Data Protection Act, anyone has the right to find out what information an organisation holds about them by making a subject access request. This right allows individuals to find out important information ranging from details recorded on their credit history to data included in their health record. Once received, an organisation normally has forty days to reply to the request.


During the last financial year the ICO handled over 6,000 complaints related to subject access requests, with over one in six of these complaints relating to money lenders, including credit reference agencies and banks.


The new guidance – which has been accredited by the Plain Language Commission - will help organisations handle subject access requests more efficiently, while supporting the public in taking control of their personal information.


Announcing the publication of the ICO’s new Subject Access Code of Practice the Information Commissioner, Christopher Graham, said:
“We are all being asked to provide organisations with more and more information about ourselves and subject access requests are a useful tool for keeping control of our data. They can be particularly important when checking your credit rating or applying for a loan, but the ICO’s complaints figures show that many organisations still need to improve their processes for dealing with these requests.


“Handling subject access requests correctly can also benefit organisations by highlighting errors and helping them to make sure the information they are using is accurate and up-to-date.


“Our new Subject Access Code of Practice will help organisations deal with these types of requests in a timely and efficient manner, allowing them to demonstrate that they are looking after their customers’ data and being open and transparent about the information they collect. This can only be a good thing for organisations and consumers.”


As part of the launch the ICO has published ten simple steps which organisations should consider when responding to subject access requests.
1. Identify whether a request should be considered as a subject access request
2. Make sure you have enough information to be sure of the requester’s identity
3. If you need more information from the requester to find out what they want, then ask at an early stage
4. If you’re charging a fee, ask for it promptly
5. Check whether you have the information the requester wants
6. Don’t be tempted to make changes to the records, even if they’re inaccurate or embarrassing…
7. …But do consider whether the records contain information about other people
8. Consider whether any of the exemptions apply
9. If the information includes complex terms or codes, then make sure you explain them
10. Provide the response in a permanent form, where appropriate


The ICO will also be carrying out a ‘subject access request sweep’ of websites later in the year. The project will look at the information organisations in the public, private and third sector are providing to anyone who may want to make a subject access request, and will prompt a report that will be published in the new year.
 

Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Infinidat has achieved significant milestones in an aggressive expansion of its channel...
Nearly all senior business decision-makers (96%) surveyed report data strategies as essential to...
SharePlex 10.1.2 enables customers to move data in near real-time to MySQL and PostgreSQL.
NetApp extends its collaboration to accelerate Ducati Corse’s digital transformation and deliver...
Partnership to be featured at COP26, highlighting how data-driven solutions and predictive...
Next-Gen solutions to deliver market-leading enterprise cloud scalability, cyber resilience and...
he EMEA external storage systems market value was up 3.3% year on year in dollars but down 5.5% in...