We recently discussed 6 steps to handling personal data and in this blog I’ll explain how to deal with disclosure requests.
Sometimes you may get a request from one of your clients or suppliers, for example, asking that you confirm to them what personal information belonging to them you have in your possession. This is called a ‘subject access request’.
In almost all circumstances, they are legally entitled to ask you to accurately disclose this information to them and you are obliged to comply with their request.
This is how to deal with such a request:
- you must respond within 40 calendar days of receiving the request;
- you may ask for any information you require to help you to locate the requested information from amongst your records and to properly check the person’s identity and assure yourself that they are authentic and not a scam attempt;
- if you want to, you’re allowed to charge an administrative fee of £10 to cover your time and effort involved in responding to this request and you can request this fee, before undertaking any search.
There are exceptions
There are special circumstances where the requirement, to disclose on request what you know or record about someone is ‘trumped’ by a greater legal and/or socially beneficial priority. These exemptions can be critical and occasionally controversial. If you’re ever uncertain about where you stand in these situations, it would be sensible to seek a legal opinion from someone qualified to advise on this area of law. The most common example where the duty to disclose what you know or record about someone is not enforced is where suspicions of criminal activity, including tax evasion, arise.
So for example, the police are not required to disclose their records or the information that they hold on a particular person where they are conducting an investigation – to require them to do otherwise would seriously jeopardize their investigation. HMRC are similarly entitled to withhold data or decline to comply with a personal data disclosure request where this would risk compromising a tax investigation into the lawfulness of that person’s tax position.
Our award-winning lawyers at LHS Solicitors have experts lawyers dealing with data protection issues daily. If you need some legal guidance, they’ll provide you with clear information on process, timing and cost, so you always know what to expect and how best to handle your data-handling responsibilities.
You're on our blog and updates site, which is hosted by elXtr. elXtr is a leading digital hub powered by the award-winning lawyers at LHS Solicitors LLP, bringing you real law, made easy.
This right, commonly referred to as subject access, is created by section 7 of the Data Protection Act. It is most often used by individuals who want to see a copy of the information an organisation holds about them. However, the right of access goes further than this, and an individual who makes a written request and pays a fee is entitled to be: told whether any personal data is being processed; given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people; given a copy of the information comprising the data; and given details of the source of the data (where this is available).