| Subject Access Requests 14:36 - Jan 31 with 1309 views | Zx1988 |
Quick question for those in the know about such things...
I've just submitted an SAR to a company in order to obtain copies of files and records to assist me with an ongoing matter, including copies of some specific telephone calls (they state that 'all calls are recorded', and I've been able to provide them with all the information to help them find the calls in their records...).
I assume that the success (or not) of an SAR is wholly dependent upon the organisation's honesty, and willingness to disclose records etc.,? Or would any Data Protection Officer worth their salt know that it's not worth the risk of leaving something out, on the basis that they don't know what data the Subject already has access to? |  |
| |  |
| Subject Access Requests on 14:42 - Jan 31 with 1252 views | itfcjoe |
I'd guess willingness as much as honesty, because from my previous experience call location is like looking for a needle in a haystack even with all the info required and a very labour intensive process. Whilst calls are recorded they prob don't state how long they keep them for and in reality aren't storing access about you by keeping them as they don't know they are holding it.
In my current job, I've had to deal with a couple of SARs, and both were just from clients being arsey, absolutely no care what we hold - just an opportunity to make my life awkward and cause discomfort at a cost of £10 or whatever it was. If companies are used to receiving them for this reason then they may be less liable to help - I certainly was and did minimum I could. |  |
| |
| Subject Access Requests on 15:20 - Jan 31 with 1086 views | factual_blue |
It's been a while since I was involved with this, but organisations have some rights to redact material. What they're allowed to omit is I think set out - commercially or personally sensitive stuff (eg names of individuals). They deliberately withhold stuff at their own peril. |  |
| |
| Subject Access Requests on 15:25 - Jan 31 with 1058 views | Kropotkin123 |
It's not worth the risk, considering the fines. They should have processes for how they handle and destroy data.
Being in recruitment I have emails and database set to destroy records after human rights claims can no longer be made against us (2 years).
From the other side, I've used a SAR as leverage. FedEx were messing me around, trying to falsely charge me money -Import tax for their error. Knowing that calls pertaining to my case were recorded, I issued a SAR that I said I'd drop, if they dropped their case against me (which they did within the week). If they had pretended they didn't have it or deleted it, they would have been screwed later down the line, as it wouldn't have followed their processes.
All this is to say, if they mess you around, escalation can be very bad for them. But escalation depends of how much time and effort you would be prepared to put it. I knew my aim and gave them an easy out. |  |
| Submit your 1-24 league prediction here -https://www.twtd.co.uk/forum/514096/page:1 - for the opportunity to get a free Ipswich top. | | Poll: | Would you rather | | Blog: | Round Four: Eagle |
| |
| Subject Access Requests on 16:40 - Jan 31 with 945 views | CraigIT |
I had a shock when I saw my record. Something was on that I had genuinely not done. I easily proved I was innocent. | | | |
| Subject Access Requests on 09:49 - Mar 7 with 522 views | Zx1988 |
Just a quick bump on this one, given the knowledge we clearly have here.
SAR submitted with a deadline of 3rd March, which was confirmed by the company in question.
On Friday I received an email advising me that they had completed the request, and would be posting the information to me in hard copy, as per my request. I've still not received anything.
When it comes to the deadline, do I have to have received the information by the deadline, or is it enough for the respondent to have completed their exercise and sent the information to me? | |
| |
| Subject Access Requests on 10:04 - Mar 7 with 469 views | DJR |
| Subject Access Requests on 09:49 - Mar 7 by Zx1988 |
Just a quick bump on this one, given the knowledge we clearly have here.
SAR submitted with a deadline of 3rd March, which was confirmed by the company in question.
On Friday I received an email advising me that they had completed the request, and would be posting the information to me in hard copy, as per my request. I've still not received anything.
When it comes to the deadline, do I have to have received the information by the deadline, or is it enough for the respondent to have completed their exercise and sent the information to me? |
Without being an expert in this area, it looks like the duty is to respond, and if they emailed you on the 3 March, it may well be that they could have sent you the information on that date, had you not requested a hard copy. And I am sure it could be said that by sending you the hard copy on that date, they have responded in time.
So it is not clear to me that they have done anything wrong, and indeed by responding to you on 3 March by email, they were clearly aware of the deadline.
It would also seem to me, whatever the position, that a couple of days here or there are really not materially significant. [Post edited 7 Mar 2023 10:07]
|  | | |
| Subject Access Requests on 10:25 - Mar 7 with 424 views | farkenhell |
| Subject Access Requests on 15:25 - Jan 31 by Kropotkin123 |
It's not worth the risk, considering the fines. They should have processes for how they handle and destroy data.
Being in recruitment I have emails and database set to destroy records after human rights claims can no longer be made against us (2 years).
From the other side, I've used a SAR as leverage. FedEx were messing me around, trying to falsely charge me money -Import tax for their error. Knowing that calls pertaining to my case were recorded, I issued a SAR that I said I'd drop, if they dropped their case against me (which they did within the week). If they had pretended they didn't have it or deleted it, they would have been screwed later down the line, as it wouldn't have followed their processes.
All this is to say, if they mess you around, escalation can be very bad for them. But escalation depends of how much time and effort you would be prepared to put it. I knew my aim and gave them an easy out. |
Sorry, I missed this post in January.
You might want to review your destruction policy. Most civil claims in the UK have a limitation period for commencing court proceedings of 6 years (after which time you should have a complete defence in law, regardless of the merits of the claim). Proceedings can also be commenced but service of the court papers delayed for up to 1 year thereafter.
The danger of destroying electronic files automatically after 2 years is that you may inadvertently be getting rid of evidence that would rebut a potential claim against you (although you may not become aware of that claim until later).
We have a minimum of 7 years retention before we destroy anything (and even then, we review and fillet before destroying). | | | |
Login to get fewer ads
| Subject Access Requests on 10:32 - Mar 7 with 407 views | DJR |
| Subject Access Requests on 10:25 - Mar 7 by farkenhell |
Sorry, I missed this post in January.
You might want to review your destruction policy. Most civil claims in the UK have a limitation period for commencing court proceedings of 6 years (after which time you should have a complete defence in law, regardless of the merits of the claim). Proceedings can also be commenced but service of the court papers delayed for up to 1 year thereafter.
The danger of destroying electronic files automatically after 2 years is that you may inadvertently be getting rid of evidence that would rebut a potential claim against you (although you may not become aware of that claim until later).
We have a minimum of 7 years retention before we destroy anything (and even then, we review and fillet before destroying). |
Sounds eminently sensible. | | | |
| |
By continuing to use the site, you agree to our use of cookies and to abide by our Terms and Conditions.
