Insights Information Commissioner’s Office amends Guide to data protection and CCTV and Subject access request (SAR) codes of practice

Contact

Following the recent Court of Appeal decisions in Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74 and Ittihadieh v 5-11 Cheyne Gardens RTM Co Ltd and Deer v University of Oxford [2017] EWCA Civ 121, the ICO has updated its guidance in relation to the handling of SARs.

The judgments examined the subject of disproportionate effort around subject access requests, clarifying that data controllers can take into account difficulties that occur throughout the process of complying with a request, including difficulties in finding the requested information. The ICO has amended its guidance and codes of practice to reflect this finding.

The ICO has also highlighted to organisations that when they design or specify systems such as CCTV they should bear in mind the need to facilitate the handling of SARs.

In addition, the ICO has clarified that personal data is exempt from the right of subject access if it consists of information for which legal professional privilege (or its Scottish equivalent) could be claimed in legal proceedings in any part of the UK.

It has also taken into account the Court of Appeal’s view that the court has a wide discretion to order compliance with a SAR, and to include the factors it listed. The existence of a collateral purpose or legal proceedings when making a SAR is irrelevant. To read the ICO’s blog posting and to access the amended guidance, click here.

Expertise